Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Thu, 27 Mar 2008 18:59:27 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: using oss-security references in CVE


All,

In CVE, we try to provide "provenance" for every detail that makes its way
into the description.  Issues like rxvt and CenterIM have some details
that are only publicly documented in oss-security, and I would like to add
these as references.

However, I haven't done so yet.  If I start to add oss-security references
to CVEs when needed, this will be noticed by the other vuln DBs and added
to their watch lists.  As their response is sometimes faster than CVE's,
this means that new vuln reports will start showing up publicly much more
quickly.

While the monitoring of oss-security will happen regardless of whether
it's mentioned in CVE or not, including an oss-security reference in CVE
will definitely accelerate this.

Are people OK with that?

- Steve

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux