Tool Mapping Update
Just as an update, Dave and I are still looking into the appropriate
way to provide vendors with mappings for their own tools. Resolving
that issue is our biggest priority at the moment, and we are trying to
get rapid answers to facilitate this.
If anyone has a problem with MITRE providing a vendor with a mapping
for their tool *only* (with some restrictions to prevent possible
"abuse" of those mappings), then please speak up now, as we hope to
get this issue resolved in the next few days.
For anyone who's maintaining a database, note that there is an
advanced search script that is more effective than the script I
provided you in the initial CVE distribution. This search script
takes in a list of vulnerability descriptions (one per line) and
prints the N best matches for that input text, using weighted
keywords. It is usually very effective (printing the correct match as
a #1 or #2 choice, usually) and could reduce the amount of work to
create an initial mapping down to a few hours. An alternate approach
would be to provide everyone with this script so they can use it on
their own tools.