From: Mark J Cox <mjc-H+wXaHxf7aLQT0dZR+AlfA <at> public.gmane.org>
Subject: Re: Vendor-sec hosting and future of closed lists
Newsgroups: gmane.comp.security.oss.general
Date: Friday 4th March 2011 08:08:03 UTC
> This certainly underscores that very few flaws need vendor-sec
> coordination, but I would suspect that out of those roughly 725 flaws,
> many of the really critical ones came through vendor-sec.

Actually, not so much.  Of the flaws we rated impact critical or with a 
CVSS of 'high', only 4 were from that 29 from vendor-sec.

> I'm also curious what "issues already public but found out about it on
> vendor-sec" means?

It's where the date the issue was public is the same date it was reported 
to vendor-sec.  This can be because it was brought to the wrong list, the 
embargo was a day or less, or, less often, vendors wanted to discuss 
something about it confidentially (a way to exploit it, etc.).

Mark
 