@attritionorg @kurtseifried @wireghoul codevigilant was a large-scale experiment with, shall we say, mixed results. Might not repeat
Replying to @SushiDude
@SushiDude @attritionorg @kurtseifried @wireghoul If I may say so @CodeVigilant second lot will be out soon with another 100+ issues.
Replying to @anantshri
@anantshri @SushiDude @kurtseifried @wireghoul @CodeVigilant if you have influence, can future advisories indicate stored vs reflected?
Replying to @attritionorg
@CodeVigilant also, plugins may inherit vulns from 3rd-party components (magpie?) which need more investigation @anantshri @attritionorg
Replying to @SushiDude
I agree @SushiDude that we have started some checks at our end and next set will take care of it. @anantshri @attritionorg
Replying to @CodeVigilant
@SushiDude @attritionorg There is a section http://codevigilant.com/category/a9-using-components-with-known-vulnerabilities/ … to deal with such disclosures specifically @anantshri
Replying to @CodeVigilant
. @CodeVigilant in CVE, @OSVDB, etc. we use an ID for the vuln component, not mult IDs for each product using it @attritionorg @anantshri
Replying to @SushiDude
@SushiDude agreed, that's why all entries in A9 will list prior CVE assignment, update already in process @anantshri @OSVDB @attritionorg
Replying to @CodeVigilant
@CodeVigilant @SushiDude @anantshri @OSVDB depending on how you ask for assignment, CVE can issue a new one for old issue w/o realizing
Replying to @attritionorg
@attritionorg got the point, intent from start was not to ask for CVE in A9 issues, but report & catalog it @CodeVigilant @SushiDude @OSVDB
@anantshri @CodeVigilant @SushiDude @OSVDB excellent. if you share details, CVE can weed those out faster than researchers usually