[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Open Letter on the Interpretation of "Vulnerability Statistics"
- To: "Steven M. Christey" <coley@xxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Open Letter on the Interpretation of "Vulnerability Statistics"
- From: Georgi Guninski <guninski@xxxxxxxxxxxx>
- Date: Fri, 6 Jan 2006 22:18:51 +0200
On Fri, Jan 06, 2006 at 02:53:56PM -0500, Steven M. Christey wrote:
> According to the definitions proposed by Brian Martin of OSVDB, CVE is in
> fact a database - HOWEVER it is a highly specialized one intended for
> correlation and comparison across multiple tools and products. That said,
> 90% of its consumers do not use it for that reason. The FAQ should
> probably be rephrased a bit.
>
hahahahahaha, "a responsibility rfc government funded
expert" wrote.
http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/008386.html
>>So you are collecting 0days for free, put them in a lame database and
>>whine more than a script kiddie this is a hard job?
>I don't view it that way.
>
>1) CVE is not a vulnerability database, per the FAQ on the CVE web
> site at http://cve.mitre.org/about/faq.html#A7 (though we are not
> blind to the fact that some people try to use it as a database
> anyways).
--
where do you want bill gates to go today?
junk:
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/