[VIM] "CVENEW" messages to be posted to VIM during NVD outage

[Noam Rathaus]

Hi,

Anyone knows of an alternative to the nvd db?

Specifically NVD is used by many to obtain the CVSS Score assigned to a
CVE, is there somewhere this information can be obtained from?

On Wed, Mar 13, 2013 at 10:45 PM, Jake Kouns <
jkouns at opensecurityfoundation.org> wrote:

> It seems like NVD has been having trouble with availability for the
> last several weeks.  How many outage have they had and what is the
> total duration at this point?
>
> On Wed, Mar 13, 2013 at 4:35 PM, Christey, Steven M. <coley at mitre.org>
> wrote:
> > As VIM subscribers probably know, the National Vulnerability Database
> >
> > (NVD) is having a temporary outage.  At http://nvd.nist.gov/, NIST
> >
> > says "We are working to restore service as quickly as possible."
> >
> >
> >
> > Many people rely on NVD feeds to learn about newly-updated CVEs.  The
> >
> > CVE web site does not provide such feeds, since that would duplicate
> >
> > NVD functionality.
> >
> >
> >
> > However, the CVE project sends notification emails for newly-updated
> >
> > CVEs to a limited set of CVE-compatible users, often several times a
> >
> > day.  Until NVD service is reliably restored, I will be posting these
> >
> > "CVENEW" messages to the Vulnerability Information Managers (VIM)
> >
> > list.  While they do not contain the extra data that NVD provides,
> >
> > such as CVSS and CPE names, hopefully this will help some people to
> >
> > monitor new CVEs.
> >
> >
> >
> > Note that the VIM list is not the place to post general vulnerability
> >
> > announcements; it is specifically designed for maintainers of
> >
> > vulnerability databases and information services.
> >
> >
> >
> >
> >
> > Regards,
> >
> > Steve Christey
> >
> > CVE Editor
> >
> >
>



-- 
Thanks,
Noam Rathaus
Beyond Security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.attrition.org/pipermail/vim/attachments/20130314/a9f0cea2/attachment.html>