[Owasp-topten] 2010 RC1 - Sources of Stats
Steven M. Christey
coley at linus.mitre.org
Mon Dec 28 19:33:27 EST 2009
On Tue, 29 Dec 2009, Christian Heinrich wrote:
> I believe Andrew ver der Stock sampled BUGTRAQ but I may be incorrect
> due to my *brief* reading of the mailing list archives.
One thing I forget to mention when I talked about how CVE effectively
samples Bugtraq data, is that none of the established vulnerability DBs
track "site-specific" vulnerabilities, e.g. a CSRF in Facebook. These
kinds of reports show up on Bugtraq and Full-Disclosure, and on sites like
xssed.com (which was out-of-date last time I checked), but I don't know
what stats are available, if any.
More information about the Owasp-topten