Hello, I'm a Ph.D. candidate in UC (Portugal) working with Xen's vulnerability discovery process, right now focusing on modeling, and I'd like to understand the process before the disclosure (by XSA or CVE/NVD).
It would be nice to have a more precise date that traces a vulnerability (XSA) to its discovery rather than the public release date. Currently, I'm parsing any references from NVD/CVE and analyzing the dates. For older XSA, this works better than from newer ones. Is there any other place that I could find this information? Atenciosamente, *Charles Ferreira Gonçalves *