Date: Mon, 4 Aug 2008 18:58:08 +0200 From: Thijs Kinkhorst <thijs@...ian.org> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: source for CVE feed (was: Re: CVE request: httrack buffer overflow) Hi Steve, On Monday 4 August 2008 18:37, Steven M. Christey wrote: > It's in NVD but not yet on the public CVE site, due to various process > oddities. 98% of the time, NVD will have the CVEs before the CVE web site > does. Good to know. Here at Debian we currently import all CVEs into our own system, and we use http://cve.mitre.org/data/downloads/allitems.html.gz as the source for that. Considering your statement we would better be using one of the XML Data feeds from http://nvd.nist.gov/download.cfm , right? Or would you recommend another feed (e.g. the one where NVD gets its data from)? thanks, Thijs Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.