RE: Sources: Full and Partial Coverage

To: cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
Subject: RE: Sources: Full and Partial Coverage
From: security curmudgeon <jericho@attrition.org>
Date: Tue, 8 May 2012 13:02:23 -0500
Delivery-Date: Tue May 8 14:03:45 2012
In-Reply-To: <Pine.GSO.4.64.1205081350360.14131@faron.mitre.org>
List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
References: <2F43C4D2BE8AD24C8AC17D8C64B379B316BE3E@IMCMBX01.MITRE.ORG> <1A54A32F70AFF245911642771CB08DC504CB9E@exch-sf-01.ad.ncircle.com> <alpine.LNX.2.00.1205080149430.6920@forced.attrition.org> <1A54A32F70AFF245911642771CB08DC504D51F@exch-sf-01.ad.ncircle.com> <Pine.GSO.4.64.1205081350360.14131@faron.mitre.org>
Sender: <owner-cve-editorial-board-list@LISTS.MITRE.ORG>
User-Agent: Alpine 2.00 (LNX 1167 2008-08-23)

On Tue, 8 May 2012, Steven M. Christey wrote:

: Tim and Brian,
: 
: EDB at least has a field that states whether they've independently 
: verified each issue or not, and it is very commonly referenced, so 
: that's one reason it has more focus than the others.  We do pick up 
: Packet Storm on a fairly regular basis.  We have not examined whether 
: inj3ct0r provides any additional or significant value, or any of the 
: dozens of similar vulnerability databases across the Internet.  The 
: commonality between all these sources increases the workload 
: significantly, so it had evolved (at least to the point of this Board 
: discussion) to more closely watch Exploit-DB than the others.

That is why I would argue for EDB. They have a vetting process in place, 
are quick to remove duplicate or bogus entries, etc. On the other hand, PS 
beats them by volume, but also has a high rate of junk entries (i.e. 
incorrect, very hard to understand, etc). I haven't done a real comparison 
with inj3ct0r, but my quick assessment is there is mostly overlap between 
PS / EDB.

Overall, I agree with the board's decision on EDB.

References:
- Sources: Full and Partial Coverage
  - From: "Mann, Dave" <damann@mitre.org>
- RE: Sources: Full and Partial Coverage
  - From: Tim Keanini <tkeanini@ncircle.com>
- RE: Sources: Full and Partial Coverage
  - From: security curmudgeon <jericho@attrition.org>
- RE: Sources: Full and Partial Coverage
  - From: Tim Keanini <tkeanini@ncircle.com>
- RE: Sources: Full and Partial Coverage
  - From: "Steven M. Christey" <coley@rcf-smtp.mitre.org>

Prev by Date: RE: Sources: Full and Partial Coverage
Next by Date: RE: Sources: Full and Partial Coverage
Prev by thread: RE: Sources: Full and Partial Coverage
Next by thread: RE: Sources: Full and Partial Coverage
Index(es):
- Date
- Thread

Page Last Updated: November 06, 2012

Common Vulnerabilities and Exposures

RE: Sources: Full and Partial Coverage