lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0601061551030.9254@cairo.mitre.org>
Date: Fri Jan  6 21:39:12 2006
From: coley at linus.mitre.org (Steven M. Christey)
Subject: Open Letter on the Interpretation of
	"Vulnerability Statistics"


*shrug* things change in 2.5 years.  The answer is fundamentally the same,
only I've given up being pedantic about the terminology.

Since your criticism of CVE and the vuln DB world has not changed in 2.5
years (and neither has my defense of it), perhaps we should agree to
disagree and be done with it.

On Fri, 6 Jan 2006, Georgi Guninski wrote:

> On Fri, Jan 06, 2006 at 02:53:56PM -0500, Steven M. Christey wrote:
> > According to the definitions proposed by Brian Martin of OSVDB, CVE is in
> > fact a database - HOWEVER it is a highly specialized one intended for
> > correlation and comparison across multiple tools and products.  That said,
> > 90% of its consumers do not use it for that reason.  The FAQ should
> > probably be rephrased a bit.
> >
>
> hahahahahaha, "a responsibility rfc government funded
> expert" wrote.
>
> http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/008386.html
> >>So you are collecting 0days for free, put them in a lame database and
> >>whine more than a script kiddie this is a hard job?
>
> >I don't view it that way.
> >
> >1) CVE is not a vulnerability database, per the FAQ on the CVE web
> >   site at http://cve.mitre.org/about/faq.html#A7 (though we are not
> >   blind to the fact that some people try to use it as a database
> >   anyways).
>
> --
> where do you want bill gates to go today?
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> junk:
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ