Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 27 Mar 2008 18:59:27 -0400 (EDT)
From: "Steven M. Christey" <>
Subject: using oss-security references in CVE


In CVE, we try to provide "provenance" for every detail that makes its way
into the description.  Issues like rxvt and CenterIM have some details
that are only publicly documented in oss-security, and I would like to add
these as references.

However, I haven't done so yet.  If I start to add oss-security references
to CVEs when needed, this will be noticed by the other vuln DBs and added
to their watch lists.  As their response is sometimes faster than CVE's,
this means that new vuln reports will start showing up publicly much more

While the monitoring of oss-security will happen regardless of whether
it's mentioned in CVE or not, including an oss-security reference in CVE
will definitely accelerate this.

Are people OK with that?

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.