
Re: Sources: Full and Partial Coverage



On 2012-06-12 06:38 , Damir Rajnovic wrote:

> This is an interesting situation you are describing. Here is how I see a potential
> scenario being played out. We select to cover products and SHINY is one of
> them. To get vulnerabilities in SHINY we select Contagio as the source.
> Things are working fine but Contagio is also providing information about
> other products that are not on our list. The question is what to do with
> this extra information? Is this what you are trying to illustrate?

My read of this is that vulnerabilities included in exploit kits warrant
CVE IDs.

Again, we're doing a bit of a jump from "criteria for vulnerabilities to
be included in CVE" to "sources that generally meet the criteria."  But
this one is pretty effective IMO.

criteria: product SHINY
source: vendor security page for SHINY

criteria: things that are getting exploited
source: Contagio, exploit db

criteria: things that affect lots of users
source: bugtraq? (which also contains things that don't meet this criterion)

There aren't always going to be sources that directly map to criteria.
So I think it's good for CVE to have criteria, and a list of sources.
CVE is going to have to do some of the drudge work filtering through
bugtraq/full-disclosure for things that meet the criteria (at least some
of this can be computer-assisted).


 - Art
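The "computer-assisted" part of the drudge work Art refers to, as an added toy example that is not code from this thread or from CVE: posts are tagged with the criteria they meet, either because the source they came from is presumed to satisfy a criterion (vendor page, exploit feeds) or because the post itself matches one (covered product, exploitation evidence, broad impact). The product list, the source table, the keyword heuristics and the sample posts are all constructed assumptions for illustration; the point is only that a source-to-criteria presumption and a per-post filter can coexist, so a Contagio post about a product outside the coverage list is still kept on the "exploited" criterion, while an unremarkable bugtraq post is dropped.

```python
"""Toy triage filter for the criteria/source split discussed in the thread.

Everything below (product list, source table, keywords, sample posts) is a
constructed assumption for illustration, not CVE policy or CVE code.
"""
import re
from dataclasses import dataclass, field

# Products selected for coverage. SHINY is the thread's placeholder name.
COVERED_PRODUCTS = {"shiny"}

# Criteria a post is presumed to satisfy simply by appearing on a source.
# bugtraq and full-disclosure presume nothing: each post is checked itself.
SOURCE_PRESUMES = {
    "vendor-shiny": {"covered-product"},
    "contagio": {"exploited"},
    "exploit-db": {"exploited"},
    "bugtraq": set(),
    "full-disclosure": set(),
}

# Crude per-post heuristics (assumed keywords, not a real classifier).
EXPLOIT_WORDS = re.compile(
    r"\b(exploit kit|in the wild|exploited|working exploit|poc)\b", re.I)
BROAD_IMPACT_WORDS = re.compile(
    r"\b(default install|all versions|millions of|every user)\b", re.I)


@dataclass
class Post:
    source: str
    product: str
    text: str
    criteria: set = field(default_factory=set)


def evaluate(post):
    """Return the set of criteria this post satisfies."""
    met = set(SOURCE_PRESUMES.get(post.source, set()))
    if post.product.lower() in COVERED_PRODUCTS:
        met.add("covered-product")
    if EXPLOIT_WORDS.search(post.text):
        met.add("exploited")
    if BROAD_IMPACT_WORDS.search(post.text):
        met.add("wide-impact")
    return met


def triage(posts):
    """Split posts into (kept, dropped); kept posts meet >= 1 criterion."""
    kept, dropped = [], []
    for p in posts:
        p.criteria = evaluate(p)
        (kept if p.criteria else dropped).append(p)
    return kept, dropped


# Constructed sample feed.
SAMPLE_POSTS = [
    Post("vendor-shiny", "SHINY",
         "Advisory: buffer overflow in SHINY 2.1 update server"),
    Post("contagio", "OtherWidget",
         "New exploit kit module targets OtherWidget 3.x"),
    Post("bugtraq", "SHINY",
         "XSS in SHINY admin console"),
    Post("bugtraq", "ObscureTool",
         "Crash in ObscureTool when parsing a malformed config"),
    Post("full-disclosure", "BigLib",
         "Integer overflow affects all versions of BigLib, working exploit attached"),
]

if __name__ == "__main__":
    kept, dropped = triage(SAMPLE_POSTS)
    for p in kept:
        print(f"KEEP  {p.source:16} {p.product:12} {sorted(p.criteria)}")
    for p in dropped:
        print(f"DROP  {p.source:16} {p.product:12}")
```

The second sample post is the case Damir raises: Contagio reporting a product that is not on the list. It is kept because the source presumes the "exploited" criterion, which is Art's reading that anything in an exploit kit warrants an ID; the fourth post shows the bugtraq case, where nothing is presumed and the post has to earn a criterion on its own.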


Page Last Updated or Reviewed: November 06, 2012