[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sources List and Some Updates

To: "Mann, Dave" <damann@mitre.org>
Subject: Re: Sources List and Some Updates
From: Art Manion <amanion@cert.org>
Date: Wed, 27 Jun 2012 12:25:34 -0400
CC: cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
Delivery-Date: Wed Jun 27 12:29:15 2012
In-Reply-To: <2F43C4D2BE8AD24C8AC17D8C64B379B3012C2AB7@IMCMBX01.MITRE.ORG>
List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
OpenPGP: id=36C268A3
References: <2F43C4D2BE8AD24C8AC17D8C64B379B3012C2AB7@IMCMBX01.MITRE.ORG>
Sender: <owner-cve-editorial-board-list@LISTS.MITRE.ORG>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20120614 Thunderbird/13.0.1

Hi Dave,

On 6/27/12 11:38 AM, Mann, Dave wrote:

> FULL COVERAGE SOURCES - OTHER
> =============================
> US-CERT: Technical Cyber Security Alerts

> PARTIAL COVERAGE SOURCE - VENDOR RELATED
> ========================================
> US-CERT: Vulnerability Notes

Please either swap these, or move US-CERT: Vulnerability Notes to "full
coverage."

74% (average since 2009) of vulnerability notes (5+ per month) are based
on private reports to CERT, which means those vulnerability notes are
effectively an initial source of a public disclosure, and often already
have a CVE ID.

US-CERT: Technical Cyber Security Alerts are actually more likely to be
"republishing" on a Microsoft patch Tuesday release or similar.  Times
have changed since the days of CERT Advisories...

 - Art

References:
- Sources List and Some Updates
  - From: "Mann, Dave" <damann@mitre.org>

Prev by Date: Sources List and Some Updates
Prev by thread: Sources List and Some Updates
Index(es):
- Date
- Thread