mailing list archives
Re: Open Letter on the Interpretation of "Vulnerability Statistics"
From: Georgi Guninski <guninski () guninski com>
Date: Fri, 6 Jan 2006 22:18:51 +0200
On Fri, Jan 06, 2006 at 02:53:56PM -0500, Steven M. Christey wrote:
According to the definitions proposed by Brian Martin of OSVDB, CVE is in
fact a database - HOWEVER it is a highly specialized one intended for
correlation and comparison across multiple tools and products. That said,
90% of its consumers do not use it for that reason. The FAQ should
probably be rephrased a bit.
hahahahahaha, "a responsibility rfc government funded
So you are collecting 0days for free, put them in a lame database and
whine more than a script kiddie this is a hard job?
I don't view it that way.
1) CVE is not a vulnerability database, per the FAQ on the CVE web
site at http://cve.mitre.org/about/faq.html#A7 (though we are not
blind to the fact that some people try to use it as a database
where do you want bill gates to go today?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: Open Letter on the Interpretation of "Vulnerability Statistics" Florian Weimer (Jan 07)