[VIM] Tuesday flood

[Gadi Evron]

On Wed, 14 Feb 2007, Steven M. Christey wrote:
> 
> On Wed, 14 Feb 2007, Gadi Evron wrote:
> 
> > On Wed, 14 Feb 2007, security curmudgeon wrote:
> > >
> > > disclosures from the big vendors and pronouncing this as some 'perfect
> > > storm' of disclosure.
> > >
> > > Al Pacino will star as Steve Christey, Christian Slater as Jericho.
> > >
> >
> > I fear who you will ask to play me.
> 
> Guest starring Gadi Evron as himself, of course!  The DVD commentary by
> the director will be filled with veiled references to "tension on the
> set."
> 
> I like Brian's idea (perfect storm, brilliant!), and it feels like a
> pattern, but... does anybody have the data to figure this out
> automatically without manual data collection?  CVE keeps the initial
> disclosure date and that's about it, so at best, we could only spot
> disclosures that came from vendor advisories.  We don't record when each
> vendor actually released an advisory.  Brian Krebs probably has some data
> on that, but only for a couple vendors.
> 
> On a semi-related note, I breezed through some CVE stats a day or two ago
> to see which days were most popular for disclosure, overall.  It used to
> be Wednesday, but the past couple years it's been Tuesday.  Both Microsoft
> and Oracle release on Tuesdays, so that might be a part of the increase.
> Mozilla released on Tuesday in December and November, but Thursday in
> September and July.  Apple does Tuesdays, but not all the time.
> 
> Friday, Saturday, and Sunday are always at the bottom of the list, in that
> order.  I can dig 'em up if people are interested.

Tuesday sounds like a great day to be honest. Not monday, and most time
until-end-of-week.

I believe maybe OSVDB (with some support we can pull for them together) or
a new joint site can probably allocate release dates for vendors if they
are to be responsible.

I have a feeling I can sell this to Microsoft.

> 
> - Steve
>