Re: [lopsa-tech] getting a list of critical vulnerabilities from the NVD at NIST

2015-08-22 Thread Aleksey Tsalolikhin
>> anyway) >> >> And then you keep an ear out for critical things that haven't made it to >> the >> updates yet anyway. >> >> David Lang >> >> On Tue, 18 Aug 2015, Paul DiSciascio wrote: >> >> > Date: Tue, 18 Aug 2015 07:38:57

Re: [lopsa-tech] getting a list of critical vulnerabilities from the NVD at NIST

2015-08-20 Thread Atom Powers
Date: Tue, 18 Aug 2015 07:38:57 -0400 > > From: Paul DiSciascio > > To: tech@lists.lopsa.org > > Subject: Re: [lopsa-tech] getting a list of critical vulnerabilities > from the > > NVD at NIST > > > > On a related note, I'd be curious to know how y

Re: [lopsa-tech] getting a list of critical vulnerabilities from the NVD at NIST

2015-08-18 Thread David Lang
8 Aug 2015, Paul DiSciascio wrote: Date: Tue, 18 Aug 2015 07:38:57 -0400 From: Paul DiSciascio To: tech@lists.lopsa.org Subject: Re: [lopsa-tech] getting a list of critical vulnerabilities from the NVD at NIST On a related note, I'd be curious to know how you plan to map what's in t

Re: [lopsa-tech] getting a list of critical vulnerabilities from the NVD at NIST

2015-08-18 Thread Aleksey Tsalolikhin
Once I saw how many critical vulnerabilities there were, I told my client fuggetaboutit, there's too much to track, instead let's work out how to keep your systems up to date on OS vendor patches. On Tue, Aug 18, 2015 at 4:38 AM, Paul DiSciascio wrote: > On a related note, I'd be curious to know

Re: [lopsa-tech] getting a list of critical vulnerabilities from the NVD at NIST

2015-08-18 Thread Rickard, Josh A.
<mailto:ricka...@missouri.edu> ACA | GCWN | GCFA From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] On Behalf Of Aleksey Tsalolikhin Sent: Monday, August 17, 2015 8:57 PM To: t...@lopsa.org Subject: [lopsa-tech] getting a list of critical vulnerabilities from the NV

Re: [lopsa-tech] getting a list of critical vulnerabilities from the NVD at NIST

2015-08-18 Thread Paul DiSciascio
On a related note, I'd be curious to know how you plan to map what's in this database to package versions on the systems you're auditing. I tried to tackle this years ago and determined that there would be too much manual effort to keep that sort of mapping up to date. For example, some vulnerabi

Re: [lopsa-tech] getting a list of critical vulnerabilities from the NVD at NIST

2015-08-17 Thread Aleksey Tsalolikhin
n Security and Access Management > > Division of Information Technology > > University of Missouri > > (573) 884-6280 | ricka...@missouri.edu > > ACA | GCWN | GCFA > > > > *From:* tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] > *On Behalf

Re: [lopsa-tech] getting a list of critical vulnerabilities from the NVD at NIST

2015-08-17 Thread David Lang
On Mon, 17 Aug 2015, Aleksey Tsalolikhin wrote: Hello, I want to get a list of Critical (CVSS > 7) CVE's for a security vulnerability assessment for a client. Scored CVEs are available from https://nvd.nist.gov/download.cfm through a set of XML feeds. The nice NIST web site says: A common wa

[lopsa-tech] getting a list of critical vulnerabilities from the NVD at NIST

2015-08-17 Thread Aleksey Tsalolikhin
Hello, I want to get a list of Critical (CVSS > 7) CVE's for a security vulnerability assessment for a client. Scored CVEs are available from https://nvd.nist.gov/download.cfm through a set of XML feeds. The nice NIST web site says: A common way to use the feeds is to perform a one-time import