On Wed, 1 Apr 2009, Michael S. Gilbert wrote: > like i said, this gets pulled in automatically from the Mitre database, > and there really isn't anything debian can do about their tardiness.
fyi, i asked the following question to Mitre: The CVE pages and feeds on Mitre's site are very tardy. They get updated days to weeks behind the NVD pages. Are there any plans to improve the timeliness of these updates? and got the following response: Hello, Lately, we have been updating the CVE web site about 3 times per week. There have been one or two situations where the delay between updates has been about once a week, but I think it's fairly rare. I hope this correlates with your experience. Even though it's not always daily, this is still a significant improvement over previous years, in which updates would occur once a week or less. For the CVE data updates, our security processes require manual steps as part of a defense-in-depth strategy. it looks like they have no intention of keeping their databases in sync with NVD. for me, this is strong evidence that a switch to NVD is necessary. Joey, if you send me the existing Mitre scripts, I will take a look at modifying them for NVD. mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
