mailing list archives
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 5 Dec 2002 22:08:54 -0500 (EST)
The core problem we face in CVE is inaccurate and incomplete
information. Indeed, in some cases we have had to codify what to do
when there is insufficient information. We regularly notice important
inconsistencies between different vulnerability reports - assuming, of
course, we can even be certain they are talking about the same
vulnerability. The highest quality information I see comes from
coordination between the researcher and the vendor, with independent
and well-written advisories from both parties to give different
perspectives of the same problem. Of course, there are many reasons
why this does not always happen.
A most interesting commentary throughout.
Full-Disclosure - We believe in it.
- [Poor-Disclosure] batz (Dec 06)
- <Possible follow-ups>
- Re: [Poor-Disclosure] Steven M. Christey (Dec 06)