Message-ID: <Pine.LNX.4.64.0708151938560.24672@forced.attrition.org>
Date: Wed, 15 Aug 2007 19:42:33 +0000 (UTC)
From: security curmudgeon <jericho@...rition.org>
To: Jimby Sharp <jimbysharp@...mail.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
"Steven M. Christey" <coley@...re.org>, websecurity@...appsec.org
Subject: Re: SecNiche : Microsoft Internet Explorer Pop up
Blocker Bypassing and Dos Vulner
: I wonder why we can't find Aditya K Sood in any of the security list
: even though he has made so many public disclosures.
:
: See:-
:
: http://www.google.com/search?hl=en&q=site%3Asecunia.com+aditya+sood
:
: http://www.google.com/search?hl=en&q=site%3Aosvdb.org+aditya+sood
:
: Is it because these lists dislike Aditya or is it because they find the
: vulnerabilities to be false while verification?
:
: AFAIK OSVDB has a system of tagging vulnerabilities as Myth/Fake. I
: wonder why the disclosures published by Aditya are missing in OSVDB.
: OSVDB should add these vulnerabilities and properly classify them or tag
: them as fake. Anyone from OSVDB here who can respond?
OSVDB did not begin aggressively tracking and cataloging myth/fake
vulnerabilities until earlier this year. Before that they were added as
time permitted, and over the years primarily if there was a lot of
confusion or assumption that a published vulnerability was accurate, when
it clearly was not.

OSVDB will add legitimate vulnerabilities before myth/fake typically, so
in some cases they are just at the bottom of the queue.

The lack of results for your search above is also likely due to the lack
of creditee information associated with many of our entries. This is due
to the creditee field not being added until last year. In some cases, his
vulnerabilities (legit or otherwise) may be in the database, just missing
creditee fields.
Brian
OSVDB.org