[ Date Prev ][ Date Next ][ Thread Prev ][ Thread Next ][ Date Index ][ Thread Index ]

Re: CVE request form is missing an important bit 

On Thu, 5 Jan 2017, Andy Balinsky (balinsky) wrote:

: My point is that the year of the CVE shouldn't be a major data item,
and
: it shouldn't matter much if the year is 2016 or 2017 for a December
: vuln.

"Shouldn't matter", yet every company that uses the CVE data set to
generate statistics rely on that to count by year, even if the
vulnerability was disclosed a year prior to the ID (e.g. disclosed in
2015, received a 2016 ID).

This is a simple fact, and a majority of the 'statistics' we see
surrounding vulnerabilities are impacted by this.

.b
Page Last Updated or Reviewed: January 09, 2017