[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE program priorities





On Tue, Dec 22, 2015 at 1:46 PM, Boyle, Stephen V. <sboyle@mitre.org> wrote:

Hi Kurt,

 

Kurt wrote:

> What is the purpose of CVE?

 

Excellent question.

 

The short answer is that having a comprehensive official list of all assigned CVEs is a “must-have,” otherwise security product vendors and other “CVE integrators” wouldn’t be able to effectively find all assigned CVEs, much less integrate them into their products.


So two comments:

1) when and how do you plan to address the backlog of 11,000+ CVE's currently not in the database? You say this is a "MUST-HAVE" and yet we've lived without it for 10+ years. 

2) When do you plan to make the database properly index-able by search engines, it's 2015, usually if you want to share something publicly you let the search engines index it.


 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 
secalert@redhat.com




--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: December 28, 2015