Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Open Letter on the Interpretation of "Vulnerability Statistics"
From: Georgi Guninski <guninski () guninski com>
Date: Fri, 6 Jan 2006 22:18:51 +0200

On Fri, Jan 06, 2006 at 02:53:56PM -0500, Steven M. Christey wrote:
According to the definitions proposed by Brian Martin of OSVDB, CVE is in
fact a database - HOWEVER it is a highly specialized one intended for
correlation and comparison across multiple tools and products.  That said,
90% of its consumers do not use it for that reason.  The FAQ should
probably be rephrased a bit.

hahahahahaha, "a responsibility rfc government funded
expert" wrote.

So you are collecting 0days for free, put them in a lame database and
whine more than a script kiddie this is a hard job?

I don't view it that way.

1) CVE is not a vulnerability database, per the FAQ on the CVE web
  site at http://cve.mitre.org/about/faq.html#A7 (though we are not
  blind to the fact that some people try to use it as a database

where do you want bill gates to go today? 

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]