Date: Sun, 30 Dec 2012 18:16:42 +0200 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: Re: Isearch insecure temporary files On Sat, Dec 29, 2012 at 08:53:42PM -0700, Kurt Seifried wrote: > One random thought, might it be worth adding structured data to CVE > that basically says when the issue was made public/reported to the > upstream and when upstream 1) acknowledged it (if ever) and then they > patched it (if ever) and when they shipped a fixed version (if ever). > Obviously then you could simply parse for the time between date > reported and date acknowledged/patched/fixed and see how > healthy/responsive the upstream is. Yes, that would be really useful data with CVEs. OSVDB is collecting that already. That is not easy task btw. - Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.