[VIM] S at BUN posts
Steven M. Christey
coley at mitre.org
Thu Feb 21 18:04:41 UTC 2008
FYI, for CVE, I'm de-prioritizing most disclosures by S at BUN. This
means that our analysts try to stay away from these disclosures unless
we're running out of new stuff to process. They often take too much
time to research, even with the google-dork reference, just to figure
out if CVE should include them, and they are sometimes too full of
important errors or omissions.
That said - str0ke, one of our analysts noticed that the posts that
make it to milw0rm always seem to be for a likely-distributable
product with at least some information. Do you have some rough
process for handling S at BUN's posts? If you've already done some
degree of verification, that might be enough for us to treat them with
normal priority.
What are others doing, if anything, about these?
- Steve
More information about the VIM
mailing list