Date: Mon, 07 Mar 2016 11:28:48 +0000
From: Simon Ward <>
To:,Adam Caudill <>
CC: cve-editorial-board-list <>
Subject: Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies

On 5 March 2016 20:25:49 GMT+00:00, Adam Caudill <> wrote:
>Here is what I would like to see:
>* Simple ID Request - Data required should be minimal, though I think
>a few basic items are needed. Perhaps vendor, product, version(s),
>title, and contact information. Optionally, the requestor should be
>able to provide their GPG public key, a detailed description,
>reference URL(s), etc. The ID should then be instantly issued, and
>given a status of assigned.

While I like the idea of being able to trivially get a global identifier for a vulnerability, I find those with no information, i.e. unknown attack vector and impacts, useless. There's no good way to prioritise these: if you assume the worst case you get drowned in a sea of vulnerabilities you have to investigate.

Sent from Kaiten Mail. Please excuse my brevity.
