Is AppSec largely dealing w/ a legacy or new-code vulnerability problem? We need data for WHEN vuln code first landed in the repository.
Replying to @jeremiahg
@jeremiahg something that any mature VDB should be tracking. VulnDB from @riskbased tracks that metric, when available.
Replying to @attritionorg
@attritionorg @riskbased it is tracked to some extent, but not really. Like, a random one-off SQLi or XSS vuln in some retail website.
Replying to @jeremiahg
@jeremiahg @riskbased it's tracked as best as possible, based on that info being available (which is pretty rare in the big picture)
Replying to @attritionorg
@attritionorg @riskbased yah, in your part of the world — there is some data. In custom webapp vulns, right now… it’s zip. We’re blind.
@jeremiahg @riskbased no motivation or standard for disclosing the vulns, let alone that kind of metadata