|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: CVE Information Sources & Scope
On Fri, 7 Oct 2011, Carsten Eiram wrote: >> AIX > + M (IBM in general) I agree with IBM in general. Note that the ISS X-Force branch of IBM sometimes uses their vulnerability database as a first point of publication. >> Full Disclosure > + N (from a CVE perspective the noise ratio is too high to consider it > "must have" - most relevant info is also sent to bugtraq and if not then > it will still be caught by the VDBs and can be spotted there). Agree on all points. >> SANS Mailing List (Qualys) > + I I have always intended to examine this list to see if it had anything unique, but never got around to it... >> Neohapsis (Security Threat Watch) > + I I'm not sure this exists anymore? Though Neohapsis was one of the major sources for CVE information in the early 2000's... - Steve
|
||||
