[<prev] [next>] [<thread-prev] [month] [year] [list]
Date: Mon, 4 Aug 2008 20:56:04 +0200
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com
Subject: Re: Re: source for CVE feed (was: Re: CVE request: httrack buffer overflow)
Hi Steven,
* Steven M. Christey <coley@...us.mitre.org> [2008-08-04 20:16]:
> On Mon, 4 Aug 2008, Thijs Kinkhorst wrote:
>
> > Considering your statement we would better be using one of the XML Data feeds
> > from http://nvd.nist.gov/download.cfm , right? Or would you recommend another
> > feed (e.g. the one where NVD gets its data from)?
>
> NVD's XML data feed is probably the best out there that's publicly
> available. Representatives of CVE-compatible product authors,
> vulnerability databases, and software vendors can get direct access to an
> email-based feed from MITRE, which is the feed that NVD uses. MITRE
> hasn't opened this to the general public because most people would use it
> like a database, and we don't want to compete with other feeds out there.
> Guess that's kind of silly these days given that NVD turns it around in 5
> minutes, but there it is.
In June you said more regular updates to the MITRE site will probably happen
this summer. This was what I was waiting for so we don't need to adapt the software
behind our security tracker :) Any news on this?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ