Date: Mon, 07 Mar 2016 11:28:48 +0000
From: Simon Ward <simon+oss-sec@...ah.co.uk>
To: oss-security@...ts.openwall.com, Adam Caudill <adam@...mcaudill.com>
CC: cve-editorial-board-list <cve-editorial-board-list@...ts.mitre.org>
Subject: Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies

On 5 March 2016 20:25:49 GMT+00:00, Adam Caudill <adam@...mcaudill.com> wrote:
>Here is what I would like to see:
>
>* Simple ID Request - Data required should be minimal, though I think
>a few basic items are needed. Perhaps vendor, product, version(s),
>title, and contact information. Optionally, the requestor should be
>able to provide their GPG public key, a detailed description,
>reference URL(s), etc. The ID should then be instantly issued, and
>given a status of assigned.

While I like the idea of being able to trivially get a global identifier for a vulnerability I find those with no information, i.e. unknown attack vector and impacts, useless. There's no good way to prioritise these: if you assume the worst case you get drowned in a sea of vulnerabilities you have to investigate.

Simon
--
Sent from Kaiten Mail. Please excuse my brevity.