Date: Fri, 4 Mar 2011 08:08:03 +0000 (GMT)
From: Mark J Cox <mjc@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Vendor-sec hosting and future of closed lists

> This certainly underscores that very few flaws need vendor-sec
> coordination, but I would suspect that out of those roughly 725 flaws,
> many of the really critical ones came through vendor-sec.

Actually, not so much. Of the flaws we rated impact critical or with a
CVSS of 'high', only 4 were from that 29 from vendor-sec.

> I'm also curious what "issues already public but found out about it on
> vendor-sec" means?

It's where the date the issue was public is the same date it was reported
to vendor-sec. This can be because it was brought to the wrong list, the
embargo was a day or less, or less often vendors wanted to discuss
something about it confidentially (a way to exploit it, etc).

Mark