RE: Counting on CVEs
> -----Original Message-----
> From: owner-cve-editorial-board-list@lists.mitre.org
> [mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of security curmudgeon
> Sent: 8 March 2012 09:57
> To: Kent_Landfield@McAfee.com
> Cc: cve-editorial-board-list@lists.mitre.org
> Subject: Re: Counting on CVEs
>
> : I just had a very concerning discussion about the validity of
> : CVEs as a means of measuring vulnerabilities today, and the decaying
> : value if this trend continues. The discussion revolved around
> : the accuracy of the number of CVEs identified compared with those reported
> : by the community as a whole. If we look at CVE numbers, it
> : appears that the number of vulnerabilities has been declining since
> : the 2008 high. This is a rather significant error. We all know this is
> : inaccurate. Vulnerabilities are not decreasing, they are growing,
> : not dropping by 30%.
>
> I can't find it right away, but it was a few years ago when
> several people noticed a drop in total vulnerabilities around 2008. After additional
> examination of CVE, OSVDB, Secunia, I believe, all four databases
> showed roughly the same drop. This in turn led to *speculation*
> about why it happened. I don't recall seeing anyone showing a 5 year trending of
> vulnerability counts, as seen through multiple VDBs, but I would honestly
> request to see some rough numbers before pursuing this line of discussion
> further.

I just participated in a panel ("Is it 0-day or 0-care?") at RSAC where I had included some slides on various vulnerability trends based on the Secunia database. I'm not sure if the slides are already publicly available, but else they should be at some point in the near future (if not I'll be happy to provide the slides to anyone interested).

Anyway, based on our database the total number of vulnerabilities for the past years were:

2005: 6706
2006: 9915
2007: 7595
2008: 8387
2009: 7773
2010: 9640
2011: 9114

These numbers do not include any fake/invalid vulnerabilities and should only include a very low percentage of dupes (cannot be completely filtered out as a result of how we generate the vulnerability numbers from our advisories). Note that the total is for stable products only as the Secunia database (apart from a few exceptional cases) doesn't cover vulnerabilities in unstable/development products.

The same slide also included the trend in the number of SAIDs (Secunia Advisory IDs) issued to cover these vulnerabilities as well as the number of CVEs assigned for these vulnerabilities. While the number of SAIDs isn't interesting to this discussion, the number of CVEs assigned is; there does seem to be a drop in the number of vulnerabilities covered after 2008 (percentage is CVE to vulnerability ratio) and if anything our efforts in ensuring that our SAIDs include CVEs have increased:

2005: 3348 (49,9%)
2006: 5531 (55,8%)
2007: 4443 (58,5%)
2008: 5192 (61,9%)
2009: 3938 (50,7%)
2010: 4122 (42,8%)
2011: 3542 (38,9%)

--
Med venlig hilsen / Kind regards

Carsten H. Eiram
Chief Security Specialist

Follow us on twitter
http://twitter.com/secunia
http://twitter.com/carsteneiram

Secunia
Mikado House
Rued Langgaards Vej 8
2300 Copenhagen
Denmark

Phone +45 7020 5144
Fax +45 7020 5145

- References:
- Counting on CVEs
- From: <Kent_Landfield@McAfee.com>
- Re: Counting on CVEs
- From: security curmudgeon <jericho@attrition.org>