What I learned from early CVE entries

Posted by jericho Mon, 09 Nov 2009 10:16:00 GMT

This post is the farthest thing from picking on or insulting CVE. They were running a VDB some four years before OSVDB entered the picture. More impressive, they operated with a level of transparency that no other VDB offered at the time. Early OSVDB entries suffered just as greatly as the early CVE entries, and we even had the benefit of four years to learn from their efforts. Reading the original CVE entries is a fun look at how it all began. This post is a brief light-hearted look at the past.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0345 - CVE contributors can be stumped

http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0465 - Client side vulnerabilities aren't an issue.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0285 - No reference, no problem!

http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0549 - ISS tried desperately to help.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0684 - A CVE entry can be a duplicate of itself.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0151 - We miss colorful CVE commentary.

Posted in  | Tags , ,  | 1 comment

Comments

Leave a response

  1. Steve Christey said 10 days later:

    These are great examples of how little we knew when starting CVE! These also show how much effort can go into a description behind the scenes.

RSS feed for this post

(leave url/email »)

   Comment Markup Help Preview comment