[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tracking security issues without CVEs

On Sun, Mar 6, 2016 at 12:33 PM, Brian May wrote:

> Just wondering if there is some other way we can track security issues
> for when CVEs are not available.
> For example, if there are no CVEs are we able to use OVEs instead?
> http://www.openwall.com/ove

This sounds like a good idea to me.

Do you know of any issues where OVEs were used?

Is there any project who uses them regularly?

I wonder if we should be discussing this more widely, for example on oss-sec?

> Thinking of imagemagick here, it has a lot of security issues, and
> requests for CVEs are not getting any responses.

It sounds like Mitre has quite a backlog:




Reply to: