Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 24 Jan 2012 16:30:07 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id assignment dates

On Tue, Jan 24, 2012 at 09:10:55AM -0500, Steven M. Christey wrote:
> I completely agree that tracking this kind of information is
> important, and I've personally wanted to see disclosure-related
> stats for years.  I specifically mentioned OSVDB because they are
> trying to track this information at a greater level of detail than
> any other effort I know of. And, by virtue of being an *open source*
> vulnerability database, others can contribute to it.
> 
> - Steve

First of all I am heavy user of OSVDB (http://osvdb.org/user/fgeek/profile). One should note that even OSVDB has a license, which will limit the usage of the data: http://osvdb.org/license and from my own experience I can say that this is definitely not always a good thing and might create new aspects for words open and free. For NDA reasons I can't say the case where this was a problem, but you can use your imagination.

- Henri Salo

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ