CERT is far from a comprehensive source of security bug reports. Does anyone have statistics of bug types for Bugtraq or Mitre's CVE?
I get daily bug reports via FS/ISAC. Most of these are not sufficiently severe or broadly applicable to be CERT advisories. These are mostly application logic issues, but the evidence is I must admit anecdotal. I don't have survey results. -- Viktor. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]