CVE信息来源和范围

各位,我已经在一次会议上,就这样想我就会推动谈话关于CVE前进。我们真的需要进一步推动范围的问题我们可以讨论员工之前,速度和质量问题。下面(在我的签名文件)的列表是可能的CVE可以使用的信息来源。这个列表并不意味着齐全,甚至陷害最有帮助的方式。但是,我想要得到某种形式的细节,培养更多的讨论。我组织这个分成4组:政府信息来源,CNA发表信息,Non-CNA供应商报告,邮件列表和一家。每个子列表,请审查和分类每个信息来源:+一定+高兴+应该被忽略的码尺考虑这些,CVE需要捕捉漏洞从这个来源为了full-fill章程?同样的,如果你看到任何“必须”或“高兴”的信息来源,请将它们添加到列表和戴夫= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = David Mann | |主要信息安全科学家斜方公司- - - - - - - - - - - manbetx客户端首页- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -电子邮件:damann@mitre.org |单元:781.424.6003 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =政府信息来源us - cert警告(又名CERT-CC报告)us - cert脆弱性笔记(CERT-CC) us - cert公告(又名Cyber-Notes)国防部IAVAs NISCC AUS-CERT CIAC CNA的出版资料CMU / CERT-CC微软RedHat Debian Apache苹果OSX Oracle Solaris Non-CNA供应商报告Suse Mandriva hp - ux上合组织AIX思科IOS自由BSD开放BSD净BSD Gentoo (Linux) Ubuntu (Linux)邮件列表和一家Bugtraq Vuln-Watch VulnDev充分披露安全重点安全追踪OSVDB ISS X-Force FRSIRT Secunia包风暴SecuriTeam无邮件列表(Qualys) Neohapsis(安全威胁的手表)