[Full-disclosure] SecNiche : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos Vulner
Steven M. Christey
coley at linus.mitre.org
Wed Aug 15 22:10:48 BST 2007
On Wed, 15 Aug 2007, security curmudgeon wrote:
> OSVDB did not begin agressively tracking and cataloging myth/fake
> vulnerabilities until earlier this year.
CVE began a similar practice by using a "** DISPUTED **" or "** REJECT **"
string in the descriptions.
> OSVDB will add legitimate vulnerabilities before myth/fake typically, so
> in some cases they are just at the bottom of the queue.
Same with CVE; so if we've determined that a researcher has a very bad
track record, we'll de-prioritize them on our queue. We don't keep a
specific list of reliable/unreliable researchers, however. A resource
like that would be very useful. Some unreliable researchers do improve,
however.
- Steve
Full-Disclosure is hosted and sponsored by Secunia.