[VIM] discuss: secunia footnote

security curmudgeon jericho at attrition.org
Wed Jun 1 08:02:14 EDT 2005


Please note: The information, which this Secunia Advisory is based upon, 
comes from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued 
by security research groups, vendors, and others.

--

This is the footnote of each Secunia entry. Is this the value add of their 
service? Do they *really* do that for each entry?

Collect: check
Validate: ?
Verify: ?

No matter how you cut it, validating and verifying each and every vuln 
seems a stretch. Unless you have a LOT of hardware for testing, a nice 
pipe for the constant downloads, and a HUGE budget for the software and 
hardware (think Oracle, DB2, Cisco, etc) .. this simply is not possible. 
Not to mention the staff present to test all of this.

Thoughts?


More information about the VIM mailing list