[VIM] Linking third-party CVSS scores through CVEs (was: "CVENEW" messages to be posted to VIM during NVD outage)

security curmudgeon jericho at attrition.org
Thu Mar 14 15:38:40 CDT 2013


On Thu, 14 Mar 2013, Noam Rathaus wrote:

: I am all into having one source for all the CVSS scores for CVEs, but 
: when this one source doesn't have a fall-back plan or a backup site, it 
: kinda makes things difficult to stick around to it.
: 
: If you have any alternative or method of still matching CVSS and CVEs 
: without going to some other source beside NVD I will be happy to hear 
: about it.

Also note, that at *present*, 90% of OSVDB's CVSS scores do come from NVD, 
via our initial import.

Just that recently, we've been doing our own because NVD's coverage of 
vulnerabilities is way too shallow, and the lag between vuln announcement 
and CVSS creation too great.



More information about the VIM mailing list