Home page logo

oss-sec logo oss-sec mailing list archives

Re: Isearch insecure temporary files
From: Henri Salo <henri () nerv fi>
Date: Sun, 30 Dec 2012 18:16:42 +0200

On Sat, Dec 29, 2012 at 08:53:42PM -0700, Kurt Seifried wrote:
One random thought, might it be worth adding structured data to CVE
that basically says when the issue was made public/reported to the
upstream and when upstream 1) acknowledged it (if ever) and then they
patched it (if ever) and when they shipped a fixed version (if ever).
Obviously then you could simply parse for the time between date
reported and date acknowledged/patched/fixed and see how
healthy/responsive the upstream is.

Yes, that would be really useful data with CVEs. OSVDB is collecting that already. That is not easy task btw.

- Henri Salo

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]