Jean Christophe ANDRÉ wrote: > I can see on http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077 > that this is still a candidate, but assigned since 2004.01.19, so this is > probably ok...
Candidate name assignment can occur in blocks. It's not necessary that a name is associated with a particular vulnerability on the day it was assigned. Therefore, the assignment date is not a reliable indicator for the date the vulnerability was discovered or disclosed to vendors. > But, it would be better if this "for security reasons" delay had been > made clear into the announcement, IMHO. Yes, disclosure timelines are interesting, sometimes downright shocking (look at a few timelines from iDefense).
