oss-sec mailing list archives

Re: Vendor-sec hosting and future of closed lists

From: Mark J Cox <mjc () redhat com>
Date: Fri, 4 Mar 2011 08:08:03 +0000 (GMT)

This certainly underscores that very few flaws need vendor-sec
coordination, but I would suspect that out of those roughly 725 flaws,
many of the really critical ones came through vendor-sec.

Actually, not so much. Of the flaws we rated impact critical or with aCVSS of 'high', only 4 were from that 29 from vendor-sec.

I'm also curious what "issues already public but found out about it on
vendor-sec" means?

It's where the date the issue was public is the same date it was reportedto vendor-sec. This can be because it was brought to the wrong list, theembargo was a day or less, or less often vendors wanted to discusssomething about it confidentially (a way to exploit it, etc)


Mark

Current thread:

Re: Vendor-sec hosting and future of closed lists, (continued)
- - - Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 15)
    - Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 15)
    - RE: Vendor-sec hosting and future of closed lists Menkhus, Mark (GSE Security HP SSRT) (Mar 15)
    - Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 15)
    - RE: Vendor-sec hosting and future of closed lists Menkhus, Mark (GSE Security HP SSRT) (Mar 16)
    - Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 16)
    - RE: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 16)
    - Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 16)
    - Re: Vendor-sec hosting and future of closed lists Dan Rosenberg (Mar 03)
    - Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
    - Re: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 04)
    - Re: Vendor-sec hosting and future of closed lists David Hicks (Mar 04)
    - Re: Vendor-sec hosting and future of closed lists Nelson Elhage (Mar 04)
    - Re: Vendor-sec hosting and future of closed lists Steven M. Christey (Mar 04)
- Re: Vendor-sec hosting and future of closed lists Josh Bressers (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Kees Cook (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Solar Designer (Mar 03)
  - Re: Vendor-sec hosting and future of closed lists S.P.Zeidler (Mar 05)
    - Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 05)
    - Re: Vendor-sec hosting and future of closed lists S.P.Zeidler (Mar 06)
  - Re: Vendor-sec hosting and future of closed lists Matthieu Herrb (Mar 06)

(Thread continues...)