[VIM] Linking third-party CVSS scores through CVEs (was: "CVENEW" messages to be posted to VIM during NVD outage)
security curmudgeon
jericho at attrition.org
Thu Mar 14 15:38:40 CDT 2013
On Thu, 14 Mar 2013, Noam Rathaus wrote:
: I am all into having one source for all the CVSS scores for CVEs, but
: when this one source doesn't have a fall-back plan or a backup site, it
: kinda makes things difficult to stick around to it.
:
: If you have any alternative or method of still matching CVSS and CVEs
: without going to some other source beside NVD I will be happy to hear
: about it.
Also note, that at *present*, 90% of OSVDB's CVSS scores do come from NVD,
via our initial import.
Just that recently, we've been doing our own because NVD's coverage of
vulnerabilities is way too shallow, and the lag between vuln announcement
and CVSS creation too great.
More information about the VIM
mailing list