| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.GSO.4.51.0708151659160.14263@faron.mitre.org> Date: Wed, 15 Aug 2007 17:10:48 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: security curmudgeon <jericho@...rition.org> Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk, "Steven M. Christey" <coley@...re.org>, websecurity@...appsec.org Subject: Re: SecNiche : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos Vulner On Wed, 15 Aug 2007, security curmudgeon wrote: > OSVDB did not begin agressively tracking and cataloging myth/fake > vulnerabilities until earlier this year. CVE began a similar practice by using a "** DISPUTED **" or "** REJECT **" string in the descriptions. > OSVDB will add legitimate vulnerabilities before myth/fake typically, so > in some cases they are just at the bottom of the queue. Same with CVE; so if we've determined that a researcher has a very bad track record, we'll de-prioritize them on our queue. We don't keep a specific list of reliable/unreliable researchers, however. A resource like that would be very useful. Some unreliable researchers do improve, however. - Steve _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists