[Owasp-topten] 2010 RC1 - Sources of Stats

• Previous message: [Owasp-topten] 2010 RC1 - Sources of Stats
• Next message: [Owasp-topten] 2010 RC1 - Sources of Stats
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 29 Dec 2009, Christian Heinrich wrote:

> I believe Andrew ver der Stock sampled BUGTRAQ but I may be incorrect
> due to my *brief* reading of the mailing list archives.

One thing I forget to mention when I talked about how CVE effectively 
samples Bugtraq data, is that none of the established vulnerability DBs 
track "site-specific" vulnerabilities, e.g. a CSRF in Facebook.  These 
kinds of reports show up on Bugtraq and Full-Disclosure, and on sites like 
xssed.com (which was out-of-date last time I checked), but I don't know 
what stats are available, if any.

- Steve

• Previous message: [Owasp-topten] 2010 RC1 - Sources of Stats
• Next message: [Owasp-topten] 2010 RC1 - Sources of Stats
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]