CVE必备的报道

各位,下面,请找到一套比较稳定的脆弱性来源。我试图捕捉最好的共识(不是纯选票但关闭)。请检查列表和大声叫喊,很快如果你看到你不能忍受的东西。这是一个活生生的文档没有什么是一成不变的。仍然获得一定程度的协议范围是必要的第一步。我特别关注几乎完全缺乏桌面或企业软件包被称为供应商。但绝不多数列出一些。对我言外之意是,我们非常依赖non-vendor来源来阐明这些类型的软件。戴夫= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = manbetx客户端首页= = = = = = = = = David Mann | |主要信息安全科学家斜方公司- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -电子邮件:damann@mitre.org |单元:781.424.6003 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = CVE漏洞信息来源——优先级政府及相关信息来源必须us - cert警告(又名CERT-CC报告)us - cert脆弱性笔记(CERT-CC) us - cert公告(又名Cyber-Notes) CMU / CERT-CC国防部IAVAs高兴NISCC AUS-CERT能源部保监会(原名CIAC)供应商发布的信息必须有微软RedHat Apache苹果OSX Oracle Solaris Suse Mandriva hp - ux AIX思科IOS自由BSD开放BSD净BSD Gentoo (Linux) Ubuntu (Linux) Adobe Mozilla Google Chrome高兴Debian上合组织思科邮件列表和一家必须Bugtraq充分披露安全重点安全追踪OSVDB Oss-security高兴ISS X-Force FRSIRT (VUPEN) Secunia SecuriTeam Metasploit Snort Contagiodump.blogspot.com忽略Vuln-Watch VulnDev包风暴无邮件列表(Qualys)] Neohapsis(安全威胁的手表)