|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dailydave] Open Source Vulnerability Database Opens for Public Access
sullo
cirt.net
Date: Fri Apr 02 2004 - 23:59:16 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Quoting Rodney Thayer <rodneycanola-jones.com>:
> It's from an organization (the Open Security Foundation) that's
> not listed on the web, that doesn't disclose who it's officers are,
> doesn't explain if it's a legal entity or not, etc.
The OSF is being set up right now and will be an official non-profit
organization. Information can be found about it on both osvdb.org and
http://opensecurityfoundation.org/
> From the web site:
>
> <mailto:sullocirt.net>Chris Sullo - Chris has been involved with the
> project from the very beginning and has recruited key members to the project.
> He currently handles and approves all new vulnerabilities
If you are referring to the "all new" at that stage--yes, that is a place where
we need a new, trusted source to help. But this step just allows an entry to
be listed as NEW so that a mangler may work it. It still must go through at
least one mangler and a moderator before it is ever seen on the public site.
> ... which is approximately the same precise description you get if
> you ask about the structure of CVE.
CVE is just a catalog of entries and does not have the level of detail OSVDB
provdes. We are using the CVE reference to tie entries together, connecting our
data to Snort/Nessus/Nikto/etc.
Regards,
Sullo
--
http://www.cirt.net/ | http://www.osvdb.org/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]