[ Date Prev ][ Date Next ][ Thread Prev ][ Thread Next ][ Date Index ][ Thread Index ]

Re: CVE Must-Have Coverage

To : Andrew Balinsky < balinsky@cisco.com >
Subject : Re: CVE Must-Have Coverage
From : "Steven M. Christey" < coley@rcf-smtp.mitre.org >
Date : Mon, 17 Oct 2011 22:54:00 -0400
CC : "Mann, Dave" < damann@mitre.org >, cve-editorial-board-list< cve-editorial-board-list@LISTS.MITRE.ORG >
Delivery-Date : Mon Oct 17 22:54:18 2011
In-Reply-To : < 424DDA22-0957-4ACF-868F-F317D4809697@cisco.com >
List-Help : < mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST >
List-Owner : < mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG >
List-Subscribe : < mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG >
List-Unsubscribe : < mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG >
References : < 3FF9F74E63A7484EB3B88F04329CBEDC04448C426C@IMCMBX1.MITRE.ORG > < 424DDA22-0957-4ACF-868F-F317D4809697@cisco.com >
Sender : < owner-cve-editorial-board-list@LISTS.MITRE.ORG >

[resending because of bounce]

On Thu, 13 Oct 2011, Andrew Balinsky wrote:

> Also, perhaps something to track things zero day-ish  things that aren't reported to vendors:
> http://www.exploit-db.com or similar.

FYI, we currently monitor Exploit-DB since it is a good source of raw
zero-day-ish information, but it covers mostly low-interest "php-Golf"
disclosures and sometimes publishes advisories that prove to be incorrect
(not that there's anything wrong with that, it comes with the territory.)
As a result, we do not have very high coverage of this source, and things
are only given high priority if an exploit-db entry seems to be related to
a high-priority product.  I suspect that the presence of exploit-DB (and
milw0rm before it) have probably contributed more to the growing increase
in vuln counts over the years than anything else.

- Steve

References :
- CVE Must-Have Coverage
  - From: "Mann, Dave" <damann@mitre.org>
- Re: CVE Must-Have Coverage
  - From: Andrew Balinsky <balinsky@cisco.com>

Prev by Date: Re: CVE Must-Have Coverage
Next by Date: RE: Update Disclosure Sources List - Please Vote!
Prev by thread: Re: CVE Must-Have Coverage
Next by thread: Re: CVE Must-Have Coverage
Index(es):
- Date
- Thread

Page Last Updated or Reviewed: November 06, 2012

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE^™ List and the associated references from this website are subject to the terms of use . CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2021, The MITRE Corporation . CVE is a registered trademark and the CVE logo is a trademark of The MITRE Corporation.