Full Disclosure mailing list archives

Re: Open Letter on the Interpretation of "Vulnerability Statistics"
From: "Steven M. Christey" <coley () linus mitre org>
Date: Fri, 6 Jan 2006 15:53:48 -0500 (EST)

*shrug* things change in 2.5 years.  The answer is fundamentally the same,
only I've given up being pedantic about the terminology.

Since your criticism of CVE and the vuln DB world has not changed in 2.5
years (and neither has my defense of it), perhaps we should agree to
disagree and be done with it.

On Fri, 6 Jan 2006, Georgi Guninski wrote:

On Fri, Jan 06, 2006 at 02:53:56PM -0500, Steven M. Christey wrote:
According to the definitions proposed by Brian Martin of OSVDB, CVE is in
fact a database - HOWEVER it is a highly specialized one intended for
correlation and comparison across multiple tools and products.  That said,
90% of its consumers do not use it for that reason.  The FAQ should
probably be rephrased a bit.

hahahahahaha, "a responsibility rfc government funded
expert" wrote.

So you are collecting 0days for free, put them in a lame database and
whine more than a script kiddie this is a hard job?

I don't view it that way.

1) CVE is not a vulnerability database, per the FAQ on the CVE web
  site at http://cve.mitre.org/about/faq.html#A7 (though we are not
  blind to the fact that some people try to use it as a database

where do you want bill gates to go today?


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
