oss-sec mailing list archives
Re: Vendor-sec hosting and future of closed lists
From: Mark J Cox <mjc () redhat com>
Date: Fri, 4 Mar 2011 08:08:03 +0000 (GMT)
This certainly underscores that very few flaws need vendor-sec coordination, but I would suspect that out of those roughly 725 flaws, many of the really critical ones came through vendor-sec.
Actually, not so much. Of the flaws we rated impact critical or with a CVSS of 'high', only 4 were from that 29 from vendor-sec.
I'm also curious what "issues already public but found out about it on vendor-sec" means?
It's where the date the issue was public is the same date it was reported to vendor-sec. This can be because it was brought to the wrong list, the embargo was a day or less, or less often vendors wanted to discuss something about it confidentially (a way to exploit it, etc)
Mark
Current thread:
- Re: Vendor-sec hosting and future of closed lists, (continued)
- Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 15)
- Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 15)
- RE: Vendor-sec hosting and future of closed lists Menkhus, Mark (GSE Security HP SSRT) (Mar 15)
- Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 15)
- RE: Vendor-sec hosting and future of closed lists Menkhus, Mark (GSE Security HP SSRT) (Mar 16)
- Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 16)
- RE: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 16)
- Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 16)
- Re: Vendor-sec hosting and future of closed lists Dan Rosenberg (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 04)
- Re: Vendor-sec hosting and future of closed lists David Hicks (Mar 04)
- Re: Vendor-sec hosting and future of closed lists Nelson Elhage (Mar 04)
- Re: Vendor-sec hosting and future of closed lists Steven M. Christey (Mar 04)
- Re: Vendor-sec hosting and future of closed lists S.P.Zeidler (Mar 05)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 05)
- Re: Vendor-sec hosting and future of closed lists S.P.Zeidler (Mar 06)