Hi Thijs,

* Thijs Kinkhorst <thijs@debian.org> [2008-08-04 20:16]:
> Following a short interchange with Steve from Mitre I've discovered that
> http://cve.mitre.org/data/downloads/allitems.html.gz probably isn't the best
> source to get our CVEs into the tracker.

This has been known as a problem for quite some time :)
Reading the RSS feed from NVD, for example, you get daily updates.

> We have the following options:
> - Keep the current feed.
> It works. But, it's only updated a few times a week, but this may get more
> often in the future.

While I agree that this may be bad because we get some of the
vulnerabilities later, I also see a good thing in this. This way we
don't have to work on this every day but are able to work on bigger
chunks every now and then, which may be better unless we have more
active people working on new CVE ids.

> - The feeds from NVD at http://nvd.nist.gov/download.cfm
> They're on-demand so can be integrated into the pull-system that
> the tracker currently has (twice daily cronjob pulls in information and
> generates new list).
> There's a small delay, but that's probably in the order of minutes.
> It's an extra step between Mitre and us, which could break.

Steve talked about some more regular updates for the MITRE site that
will happen this summer. I replied to his mail on oss-sec asking what
the current status of this is. Maybe this will work out too.

[...]

> I'm glad to hear your thoughts on these options: is it fine as is, should we
> still update twice a day but with more current data, or should we update any
> time we receive an email feed with a handful of CVEs?

Don't get me wrong, I also think that getting the useful information
earlier is good, but on the other hand we already know about most of
the important vulnerabilities popping out before we get them through
the update (via public mailing lists, vendor-sec, milw0rm, etc.) and
most of the rest would be just NFUs for which we don't have enough
manpower to handle that on a daily basis.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.