Re: DSAs really missing from the tracker
On Wed, 1 Apr 2009, Michael S. Gilbert wrote:
> like i said, this gets pulled in automatically from the Mitre database,
> and there really isn't anything debian can do about their tardiness.
fyi, i asked the following question to Mitre:
The CVE pages and feeds on Mitre's site are very tardy. They get
updated days to weeks behind the NVD pages. Are there any plans to
improve the timeliness of these updates?
and got the following response:
Hello,
Lately, we have been updating the CVE web site about 3 times per week.
There have been one or two situations where the delay between updates
has been about once a week, but I think it's fairly rare. I hope this
correlates with your experience.
Even though it's not always daily, this is still a significant
improvement over previous years, in which updates would occur once a
week or less. For the CVE data updates, our security processes require
manual steps as part of a defense-in-depth strategy.
it looks like they have no intention of keeping their databases in sync
with NVD. for me, this is strong evidence that a switch to NVD is
necessary.
Joey, if you send me the existing Mitre scripts, I will take a look at
modifying them for NVD.
mike
Reply to: