[VIM] OT: Humor - Vulnerability News Spoof

security curmudgeon jericho at attrition.org
Mon Feb 26 01:12:21 EST 2007

Apologies to everyone for my attempted humorous spoof =)


MITRE Announces No New Vulnerabilities in 2006


MITRE Contacts:
Steven "False Again" Christey
Bill "That's False Too!" Heinbockel

Bedford, Massachusetts, January 15, 2007 -- The MITRE Corporation 
announced today after extensive analysis that no new vulnerabilities were 
published in 2006.

Throughout the year of 2006, the ongoing debate between full disclosure 
and responsible disclosure became completely moot. With 6,387 unique 
vulnerability reports made, almost every single one has since been proven 
a false reporting.

"We at CVE have gone over the data and source code for 6,387 vulnerability 
disclosures and have concluded that 6,386 were incorrect and that no 
vulnerability was present. For the 1 report not labeled false, the path 
disclosure issue affected CertBlog 0.3beta if every PHP option was enabled 
and the administrator copied installation files back after they were 
deleted by the program." says CVE lead Steven Christey.

Given the severity of the information, MITRE's CVE collaborated with other 
industry leaders SecurityTracker, milw0rm, Securiteam and OSVDB to 
validate these findings. "Unbelievable" was all str0ke could say about the 
previous year's disclosures. "Like any of us are really surprised?" 
replied Martin, suggesting that this was bound to happen.

As of the time of this press release, there have been no valid 
vulnerabilities disclosed in 2007 either.

More information about the VIM mailing list