
Re: On the usefulness of the remote column



On Thu, 11 Feb 2010 19:02:15 +0100 Florian Weimer wrote:

> * Michael Gilbert:
> 
> > I'm not sure if the "Remote" column in the tracker has any use at all
> > anymore. Its value is always 0 in the sql database, so it's always
> > shown as "no" (except for when the issue is not in the database, and
> > then it is shown as blank, which doesn't really convey anything
> > meaningful). It never says "yes".
> 
> Have you checked if NIST has somehow changed the schema in its XML
> export?  That's where this data comes from.

I just finished looking into this.  NVD did change their tags, adding
a new one in the process called "local_network". From [0], it means:

  Indicates that this vulnerability can be exploited by an attacker
  with remote access within the local area network of the machine and
  the user is specifically not authenticated on the target machine.

So, I've just committed a change to support this.  I've combined both
"local_network" and "network" into "remote" since I don't really see
the difference, and can't imagine any practical reason to treat them
differently.  I also cleaned up some unused code, and made some changes
to the tracker page to clean things up a bit.

May I request this to be pushed to the live tracker?  Note that my
other recent changes are also waiting to be pushed live as well.

Thanks,
Mike

[0] http://nvd.nist.gov/download/nvdcve-xmldoc.cfm

