Date: Thu, 27 Mar 2008 18:59:27 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: using oss-security references in CVE All, In CVE, we try to provide "provenance" for every detail that makes its way into the description. Issues like rxvt and CenterIM have some details that are only publicly documented in oss-security, and I would like to add these as references. However, I haven't done so yet. If I start to add oss-security references to CVEs when needed, this will be noticed by the other vuln DBs and added to their watch lists. As their response is sometimes faster than CVE's, this means that new vuln reports will start showing up publicly much more quickly. While the monitoring of oss-security will happen regardless of whether it's mentioned in CVE or not, including an oss-security reference in CVE will definitely accelerate this. Are people OK with that? - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.