Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [Poor-Disclosure]
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 5 Dec 2002 22:08:54 -0500 (EST)

The core problem we face in CVE is inaccurate and incomplete
information.  Indeed, in some cases we have had to codify what to do
when there is insufficient information.  We regularly notice important
inconsistencies between different vulnerability reports - assuming, of
course, we can even be certain they are talking about the same
vulnerability.  The highest quality information I see comes from
coordination between the researcher and the vendor, with independent
and well-written advisories from both parties to give different
perspectives of the same problem.  Of course, there are many reasons
why this does not always happen.

A most interesting commentary throughout.

- Steve
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • [Poor-Disclosure] batz (Dec 06)
    • <Possible follow-ups>
    • Re: [Poor-Disclosure] Steven M. Christey (Dec 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]