mailing list archives
Re: Isearch insecure temporary files
From: Henri Salo <henri () nerv fi>
Date: Sun, 30 Dec 2012 18:16:42 +0200
On Sat, Dec 29, 2012 at 08:53:42PM -0700, Kurt Seifried wrote:
One random thought, might it be worth adding structured data to CVE
that basically says when the issue was made public/reported to the
upstream and when upstream 1) acknowledged it (if ever) and then they
patched it (if ever) and when they shipped a fixed version (if ever).
Obviously then you could simply parse for the time between date
reported and date acknowledged/patched/fixed and see how
healthy/responsive the upstream is.
Yes, that would be really useful data with CVEs. OSVDB is collecting that already. That is not easy task btw.
- Henri Salo