[VIM] Tuesday flood
security curmudgeon
jericho at attrition.org
Wed Feb 14 20:22:05 EST 2007
: I like Brian's idea (perfect storm, brilliant!), and it feels like a
: pattern, but... does anybody have the data to figure this out
: automatically without manual data collection? CVE keeps the initial
: disclosure date and that's about it, so at best, we could only spot
: disclosures that came from vendor advisories. We don't record when each
: vendor actually released an advisory. Brian Krebs probably has some
: data on that, but only for a couple vendors.
OSVDB tracks disclosure date, based on the vendor advisory. If the vendor
advisory is for an issue already disclosed, we track the disclosure date
based on the initial disclosure, not the advisory.
More information about the VIM
mailing list