Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 Jan 2012 23:26:40 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: coley@...re.org
Subject: CVE id assignment dates

Hi,

It appears that many people are confused by and concerned about the
"Assigned" dates on CVE ids, not being aware that these dates often (or
even all the time?) merely reflect the assignment of a CVE id pool to a
CNA, normally before the actual vulnerabilities are discovered.

For example, CVE-2012-0056 shows "Assigned (20111207)" - so someone
wrongly thought that this meant that kernel developers or whoever sat on
this bug for 1.5 months.

I think cve.mitre.org web pages need to provide an explanation right
next to these dates or not show the dates.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ