Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.GSO.4.51.0808041304400.23930@faron.mitre.org>
Date: Mon, 4 Aug 2008 13:08:01 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Thijs Kinkhorst <thijs@...ian.org>
cc: oss-security@...ts.openwall.com,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: source for CVE feed (was: Re: CVE request: httrack
 buffer overflow)


On Mon, 4 Aug 2008, Thijs Kinkhorst wrote:

> Considering your statement we would better be using one of the XML Data feeds
> from http://nvd.nist.gov/download.cfm , right? Or would you recommend another
> feed (e.g. the one where NVD gets its data from)?

NVD's XML data feed is probably the best out there that's publicly
available.  Representatives of CVE-compatible product authors,
vulnerability databases, and software vendors can get direct access to an
email-based feed from MITRE, which is the feed that NVD uses.  MITRE
hasn't opened this to the general public because most people would use it
like a database, and we don't want to compete with other feeds out there.
Guess that's kind of silly these days given that NVD turns it around in 5
minutes, but there it is.

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.