Re: tracking security issues without CVEs
On Sun, Mar 6, 2016 at 12:33 PM, Brian May wrote:
> Just wondering if there is some other way we can track security issues
> for when CVEs are not available.
> For example, if there are no CVEs are we able to use OVEs instead?
This sounds like a good idea to me.
Do you know of any issues where OVEs were used?
Is there any project who uses them regularly?
I wonder if we should be discussing this more widely, for example on oss-sec?
> Thinking of imagemagick here, it has a lot of security issues, and
> requests for CVEs are not getting any responses.
It sounds like Mitre has quite a backlog: