Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Open Letter on the Interpretation of "Vulnerability Statistics"
From: Georgi Guninski <guninski () guninski com>
Date: Fri, 6 Jan 2006 22:18:51 +0200

On Fri, Jan 06, 2006 at 02:53:56PM -0500, Steven M. Christey wrote:
According to the definitions proposed by Brian Martin of OSVDB, CVE is in
fact a database - HOWEVER it is a highly specialized one intended for
correlation and comparison across multiple tools and products.  That said,
90% of its consumers do not use it for that reason.  The FAQ should
probably be rephrased a bit.


hahahahahaha, "a responsibility rfc government funded
expert" wrote.

http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/008386.html
So you are collecting 0days for free, put them in a lame database and
whine more than a script kiddie this is a hard job?

I don't view it that way.

1) CVE is not a vulnerability database, per the FAQ on the CVE web
  site at http://cve.mitre.org/about/faq.html#A7 (though we are not
  blind to the fact that some people try to use it as a database
  anyways).

-- 
where do you want bill gates to go today? 













































junk:
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]