[VIM] Secunia has now put ALL vulnerability info behind login?
Christey, Steven M.
coley at mitre.org
Wed Apr 30 18:35:17 CDT 2014
Late Tuesday night, I made a direct inquiry to Secunia, since I also have questions about the EULA. If CVE discovers a cross-reference through Secunia or integrates some description details, it seems it could be a violation. I haven't heard back yet.
SecurityFocus, OSVDB, and now Secunia have all restricted access in one form or another. While I recognize there are numerous reasons for doing so, hopefully this trend won't continue, and hopefully we VDB specialists can figure out the best model(s).
Scott and Ken - not to put you *too* much on the spot, but since your VDBs are closely attached to your products, I'm wondering if you have a different business model and less of an existential threat than the "vuln intelligence" VDBs do?
- Steve
>-----Original Message-----
>From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On
>Behalf Of Williams, James K
>Sent: Monday, April 28, 2014 12:30 PM
>To: Vulnerability Information Managers
>Subject: Re: [VIM] Secunia has now put ALL vulnerability info behind login?
>
>See sections 6.1 and 6.2 in the EULA on the Community Login signup page.
>https://secunia.com/community/profile
>Figuring out if your use constitutes commercial purposes is only half of
>your problem.
>
>All reference links to secunia.com are effectively dead now unless your
>site visitors have a Secunia account.
>
>Regards,
>Ken
>
>-----Original Message-----
>From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On
>Behalf Of security curmudgeon
>Sent: Monday, April 28, 2014 11:27 AM
>To: Vulnerability Information Managers
>Subject: Re: [VIM] Secunia has now put ALL vulnerability info behind login?
>Importance: High
>
>
>
>On Mon, 28 Apr 2014, Scott Moore wrote:
>
>: I wonder what constitutes commercial purposes?
>:
>: We reference them with a link to their website, and do not sell our
>: vulnerability data.
>
>Using a link to them as a cross-reference isn't "commercial".
>
>Pretty sure they are combatting the same thing OSVDB has for years, people
>using our entire entries, text and all, in products and services.
More information about the VIM
mailing list