Re: tracking security issues without CVEs
On Sun, Mar 6, 2016 at 12:33 PM, Brian May wrote:
> Just wondering if there is some other way we can track security issues
> for when CVEs are not available.
...
> For example, if there are no CVEs are we able to use OVEs instead?
>
> http://www.openwall.com/ove
This sounds like a good idea to me.
Do you know of any issues where OVEs were used?
Is there any project who uses them regularly?
I wonder if we should be discussing this more widely, for example on oss-sec?
> Thinking of imagemagick here, it has a lot of security issues, and
> requests for CVEs are not getting any responses.
It sounds like Mitre has quite a backlog:
https://marc.info/?i=1456968329.26654.16.camel@bonedaddy.net
https://marc.info/?i=CANO=Ty1YVJf505LzrJ7UtG5YpBys1gabo4Bd0e5h95PUP62Wxg@mail.gmail.com
https://cve.mitre.org/data/board/archives/2015-11/msg00018.html
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: