Xen-Devel Archive on lore.kernel.org
 help / color / Atom feed
* [Xen-devel] Vulnerability disclosure vs discovery
@ 2020-03-25 10:34 Charles Gonçalves
  0 siblings, 0 replies; only message in thread
From: Charles Gonçalves @ 2020-03-25 10:34 UTC (permalink / raw)
  To: xen-devel, xen-users

[-- Attachment #1: Type: text/plain, Size: 606 bytes --]


I'm a Ph.D. candidate in UC (Portugal) working with Xen's vulnerability
discovery process, right now focusing on modeling, and I'd like to
understand the process before the disclosure (by XSA or CVE/NVD).

It would be nice to have a more precise date that traces a vulnerability
(XSA) to its discovery rather than the public release date.

Currently,  I'm parsing any references from NVD/CVE and analyzing the
dates. For older XSA, this works better than from newer ones.

Is there any other place that I could find this information?

*Charles Ferreira Gonçalves *

[-- Attachment #2: Type: text/html, Size: 896 bytes --]

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-25 10:34 [Xen-devel] Vulnerability disclosure vs discovery Charles Gonçalves

Xen-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/xen-devel/0 xen-devel/git/0.git
	git clone --mirror https://lore.kernel.org/xen-devel/1 xen-devel/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 xen-devel xen-devel/ https://lore.kernel.org/xen-devel \
		xen-devel@lists.xenproject.org xen-devel@lists.xen.org
	public-inbox-index xen-devel

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git