Report: Vulnerability type distributions in CVE
Posted Oct 5, 2006 14:59 UTC (Thu) by ordonnateur (guest, #6652)
Parent article: Report: Vulnerability type distributions in CVE

The percentage of "unknown" vulnerabilities - those that could not be classified due to lack of details - is significantly higher in closed source than open source advisories, [...] It should be noted that 10% of issues in open source advisories do not have enough details to classify the problem.

Seems like lazy research to me. If the source code is available, looking at the patches to fix the problem should be enough to classify the problem, even if the advisory is vague.
Posted Oct 5, 2006 19:26 UTC (Thu)
by jbh (guest, #494)
Pragmatic, rather. Classifying those 1500 unspecified advisories would take (at a guess) about one man-month.