[VIM] Tuesday flood

security curmudgeon jericho at attrition.org
Wed Feb 14 20:22:05 EST 2007


: I like Brian's idea (perfect storm, brilliant!), and it feels like a 
: pattern, but... does anybody have the data to figure this out 
: automatically without manual data collection?  CVE keeps the initial 
: disclosure date and that's about it, so at best, we could only spot 
: disclosures that came from vendor advisories.  We don't record when each 
: vendor actually released an advisory.  Brian Krebs probably has some 
: data on that, but only for a couple vendors.

OSVDB tracks disclosure date, based on the vendor advisory. If the vendor 
advisory is for an issue already disclosed, we track the disclosure date 
based on the initial disclosure, not the advisory.



More information about the VIM mailing list