Re: [CVEPRI] Progress report on timeliness of CVE

To: "Steven M. Christey" <coley@linus.mitre.org>, cve-editorial-board-list@lists.mitre.org
Subject: Re: [CVEPRI] Progress report on timeliness of CVE
From: Pascal Meunier <pmeunier@cerias.purdue.edu>
Date: Fri, 30 Aug 2002 10:07:18 -0500
Delivery-Date: Fri Aug 30 11:10:05 2002
In-Reply-To: <200208300345.XAA23561@linus.mitre.org>
References: <200208300345.XAA23561@linus.mitre.org>

That's an impressive, incredible performance (300 candidates/month, 
wow!).  The news about candidate reservations make me particularly 
happy given the attitudes expressed at FIRST.  This was mirrored by 
new candidates being detected more often than ever by the CVE Change 
Log mechanism (9 times in August vs 5 in June, 
https://cassandra.cerias.purdue.edu/CVE_changes/).

Glorious.

Pascal


At 11:45 PM -0400 8/29/02, Steven M. Christey wrote:
>All,
>
>Following is a brief progress report on what we are doing with respect
>to making CVE more timely.
>
>1) I am beginning to perform more "out-of-band" candidate reservation
>    for the most serious vulnerabilities, monitoring basic information
>    sources on a near-daily basis.  Typically, this means that they
>    will show up on the CVE server within a few days of announcement.
>
>2) Candidates are being reserved by more parties.  Most notably, Linux
>    vendors are starting to become more involved (thanks in large part
>    to Mark Cox' efforts.)
>
>3) I'm more heavily involved in the refinement phase, and I focus on
>    more recent issues.  Other content team members continue refinement
>    on older issues, plus those that "slip through the cracks" from my
>    own refinements.  It will take a few months to really understand
>    how effective this new approach is going to be.
>
>4) I have begun to conduct a closer "process review" with those team
>    members who do refinement, by consulting with the team member while
>    refinement is happening, in addition to the "editor feedback" that
>    I've mentioned previously.  Initial results suggest that this will
>    help team members to generate content more quickly.  Side-by-side
>    consultation has been difficult due to the geographical dispersion
>    of team members, who may adopt certain practices that are not as
>    efficient as the ones I've developed (and vice versa :-)
>
>5) Candidates are being proposed more often.  Currently, the rate is
>    once a month, which is faster than the every-6-weeks average of the
>    previous year or so.  I will see if we can improve the frequency
>    even more.
>
>The result is that I am about to propose another 300+ candidates, only
>a month after the last proposal.  At this stage, we have generated
>more candidates than we did in all of 2001.  And the recent timeliness
>figures speak for themselves (see below).
>
>- Steve
>
>
>
>PROPOSED #cans   0-30d  31-60d  61-90d  90+
>-------- -----   -----  -----   -----  ----
>20020830   334      98     97     60     79
>20020726   147      66      9     51     21
>20020611   285      43     58     92     92
>20020502   331      49      2    127    153
>20020315   237      40     22     62    113
>20020131   234      40     13     48    133
>20011122    71      46      4      2     19
>20011012    84      22      1      0     61
>20010912   583       0      1      0    582
>20010829    60      14      2     20     24
>20010727   127      32     11     31     53
>20010524   167      50     70     43      4
>20010404    79       9     45     23      2
>20010309    83      27     52      4      0
>20010214    56      12     29      0     15
>20010202   106      21     79      6      0
>20001219   111      60     50      1      0
>20001129   190      29    113     45      3
>20001018    68       3     54     10      1
>20000921   127      32     91      4      0
>20000803    55      55      0      0      0
>20000719    53      53      0      0      0
>20000712    98      36     62      0      0
>20000615    92      47     45      0      0
>20000524    22       0      0      0     22
>20000518    37      28      2      0      7
>20000426    54      53      1      0      0
>20000412    22      21      1      0      0
>20000322    58      54      4      0      0
>20000223    15      15      0      0      0
>20000216    14      14      0      0      0
>20000215     1       0      0      1      0
>20000208    50      50      0      0      0
>20000125    43      43      0      0      0
>20000111    43      41      0      1      1
>19991222    48      19      6      4     19
>19991214    38      20     10      1      7
>19991208    50      43      0      0      7

-- 
Pascal Meunier, Ph.D., M.Sc.
Assistant Research Scientist,
CERIAS
Purdue University

References:
- [CVEPRI] Progress report on timeliness of CVE
  - From: "Steven M. Christey" <coley@linus.mitre.org>

Prev by Date: [PROPOSAL] Cluster RECENT-104 - 37 candidates
Prev by thread: [CVEPRI] Progress report on timeliness of CVE
Next by thread: [PROPOSAL] Cluster MISC-2001-005 - 39 candidates
Index(es):
- Date
- Thread