[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE for hosted services

On Wed, 22 Feb 2017, Pascal Meunier wrote:

: I'm afraid that the description of the entries, for issues on 
: like facebook.com, would be typically very vague and unverifiable.  
: rather annoyed by existing entries that read like "a problem in X, 
: different from CVE-1234-5678 and CVE-1234-7890".  What is the issue? 
: What lessons could be learned from this?  What should we teach not to 
: do, or teach to do better?  No idea.

Good point.

Also consider that such descriptions would almost never carry version 
information and be based more on *approximate* dates. We often hear 
Facebook "fixed a vuln" but days or weeks after it really happened. 
versions are a huge tool for determining potential duplicate issues, 
without that would be painful.


Page Last Updated or Reviewed: February 23, 2017