|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: CVE Must-Have Coverage
[resending because of bounce] On Thu, 13 Oct 2011, Andrew Balinsky wrote: > Also, perhaps something to track things zero day-ish things that aren't reported to vendors: > http://www.exploit-db.com or similar. FYI, we currently monitor Exploit-DB since it is a good source of raw zero-day-ish information, but it covers mostly low-interest "php-Golf" disclosures and sometimes publishes advisories that prove to be incorrect (not that there's anything wrong with that, it comes with the territory.) As a result, we do not have very high coverage of this source, and things are only given high priority if an exploit-db entry seems to be related to a high-priority product. I suspect that the presence of exploit-DB (and milw0rm before it) have probably contributed more to the growing increase in vuln counts over the years than anything else. - Steve
|
||||
