Posted Mar 10, 2011 1:47 UTC (Thu) by cyd (guest, #4153)
Parent article: The future of vendor-sec
> In 2008, 69 issues were found first on vendor-sec, but by 2010 that had dropped to 29. According to Cox, 29 represents just 4% of the total number of vulnerabilities fixed.
Posted Mar 10, 2011 8:50 UTC (Thu) by mjcox@redhat.com (guest, #31775)
For calendar year 2010, mixing public and embargoed:
235 (32%) from some public mailing list or internet site
177 (24%) from relationships with upstream projects
75 (10%) found by Red Hat
70 (10%) reported to us by 3rd party (secalert@redhat.com or other)
64 (9%) from relationship with other peer vendors
51 (7%) vendor-sec
46 (6%) from the public feed of new CVE names
13 (2%) from some co-ordination service like CERT/CC