Do you agree? RE: [TECH] CD:VAGUE (Vague Vendor Descriptions of Vulnerabilities)
At 1:55 PM -0800 2/19/02, David LeBlanc wrote:
>
>Ah, but we're not very careful to make sure that a problem actually
>_exists_ before assigning a CAN to it. There's noise on both ends of the
>process. So we should complain about vendors not supplying you with test
>exploits and extremely detailed information, but not complain about
>vague, poorly written and unreproducible vuln reports that end up in the
>CVE? If we're going to start griping about vagueness, let's gripe about
>all the vagueness problems, not just some of them.

Agreed. I think that low quality CANs made for lack of better information
should carry a warning or disclaimer. It doesn't matter if the information
comes from the vendor or a discoverer, if there are grounds to suspect it to
be dubious. I am willing to let the disclaimer be put at the discretion of
the CVE content team. Anyone else agree to that?

Cheers,
Pascal

--
Pascal Meunier, Ph.D., M.Sc.
Assistant Research Scientist, CERIAS
Purdue University