On Sat, Jan 10, 2004 at 11:33:57AM -0800, Jeremy C. Reed wrote:
> Just because ten vendors provide fixes or report vulnerabilities in same
> software, that is only one single issue.
i didn't read the text, but I suppose they would have already learned that
by now. What has to be done is some table organizing the impact some
vulnerability has/had, and also compare the number of programs shipped with
each OS. A vulnerability in some apache module which only applies when
compiled with debug mode enabled, and even so only yelds "www" privileges
can't be put on the same table as a vulnerability which yelds instant remote
root access (just an example).
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
