[VIM] interesting thought
security curmudgeon
jericho at attrition.org
Thu May 18 23:13:43 EDT 2006
this would be fairly easy to do on most of our databases, if we set it up
to do so, and is something osvdb will be able to do at some point (its an
existing bugzilla entry). we plan to add a classification tag for
'solution available', which would allow us to list vulnerabilities w/o
solutions only.
i think it will be neat that at any point, anyone can bring up a list of
vulnerabilities with no solutions. the metric and stats for that would be
interesting.
taking it one step farther, having a 'solution date' (also on our
bugzilla) that let you do queries and generate percentages over the
years/months would be great. seeing there were 60% w/o solutions in 1999,
and 80% w/o solutions in 2005 for example. of course, this also requires
the data to be kept up to date pretty hardcore, but still.
More information about the VIM
mailing list