|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [CVEPRI] Increasing numbers and timeliness of candidates
For reference and further discussion, here are some usable statistics that show what's been happening. Column 1 is the date on which the candidates were proposed. Column 2 is the number of candidates that were proposed on that date. Column 3 is the number of candidates that had been publicly announced between 0 and 30 days before they were proposed to the Board. The other columns represent other date ranges. PROPOSED #cans 0-30 31-60 61-90 90+ -------- ----- ---- ----- ----- --- 20000111 43 41 0 1 1 20000125 43 43 0 0 0 20000208 50 50 0 0 0 20000215 1 0 0 1 0 20000216 14 14 0 0 0 20000223 15 15 0 0 0 20000322 58 53 5 0 0 20000412 22 21 1 0 0 20000426 54 54 0 0 0 20000518 37 28 2 0 7 20000524 22 0 0 0 22 20000615 92 49 43 0 0 20000712 98 32 66 0 0 20000719 53 50 3 0 0 20000803 55 55 0 0 0 20000921 127 32 91 4 0 20001018 68 1 56 10 1 20001129 190 26 116 45 3 20001219 111 57 53 1 0 20010202 106 16 87 2 1 20010214 56 18 23 0 15 20010309 83 22 57 4 0 20010404 79 7 47 23 2 20010524 167 35 88 40 4 20010727 127 8 35 31 53 20010829 60 11 1 23 25 20010912 583 0 0 0 583 20011012 84 12 6 5 61 20011122 71 43 5 4 19 20020131 234 18 27 53 136 20020315 237 26 35 62 114 20020502 331 33 17 120 161 In early 2000, I was clearly focused on handling new issues. As the volume increased to 100+ CANs (Sep 2000 and on), the 31-60 and 61-90 delays started increasing. The total number of issues being proposed within 0 and 60 days was pretty high during the first half of 2001, when we were processing legacy submissions in addition to handling new submissions; new submissions were a higher priority. During Summer 2001, the number of 0-60 day issues dropped dramatically as we focused on the legacy candidates. September 2001 is obviously the legacy candidates. The efforts to get the legacies out caused a backlog in the more recent candidates. The remainder of the stats show the impact that that backlog had. We started generating many more candidates per month to catch up. We are producing at higher rates than we did before, especially in the last 3 months, but the backlog was dragging us down. Our output has increased dramatically, but we have not been able to achieve timeliness like we wanted to. I believe that the bulk of the backlog is gone, so the numbers should start moving to the left, although the next few months may still see considerable numbers in the 61-90 and 90+ day range. However, we are (fortunately) producing content on a monthly basis that exceeds the current monthly rate of new vulnerabilities. - Steve
|
||||
