On Sun, May 17, 2015, at 16:02, Roger Marquis wrote: > Does anyone know what's going on with vuln.xml updates? Over the last > few weeks and months CVEs and application mailing lists have announced > vulnerabilities for several ports that in some cases only showed up in > vuln.xml after several days and in other cases are still not listed > (despite email to the security team). > > Is there a URL outlining the policies and procedures of vuln.xml > maintenance? >
I am also interested. I know there is a desire to leverage CPE in the future, but I've seen CPE entries take weeks to show up. Our vuln.xml maintenance has always been pretty solid. Is there a lack of manpower right now? Are there notices/reports not being processed? How can we help? _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
