Methods for validating the current CVE
I like Russ' idea of reviewing the current CVE entries in the mailing
list, but there really is an awfully large number to deal with.
However, I think there are lots of entries where there should be no
(or little) debate. We may be able to quickly agree on a relatively
large percentage of the current entries. Still, 8 per day for a month
only covers about 35% of the vulnerabilities.
I believe there are probably about 50 to 100 entries that could be
"hot topics" or require some degree of change. I could create a
default form and post a few "controversial candidates" per day to the
list. What do people think?