* [Xen-devel] Vulnerability disclosure vs discovery
@ 2020-03-25 10:34 Charles Gonçalves
0 siblings, 0 replies; only message in thread
From: Charles Gonçalves @ 2020-03-25 10:34 UTC (permalink / raw)
To: xen-devel, xen-users
[-- Attachment #1: Type: text/plain, Size: 606 bytes --]
I'm a Ph.D. candidate in UC (Portugal) working with Xen's vulnerability
discovery process, right now focusing on modeling, and I'd like to
understand the process before the disclosure (by XSA or CVE/NVD).
It would be nice to have a more precise date that traces a vulnerability
(XSA) to its discovery rather than the public release date.
Currently, I'm parsing any references from NVD/CVE and analyzing the
dates. For older XSA, this works better than from newer ones.
Is there any other place that I could find this information?
*Charles Ferreira Gonçalves *
[-- Attachment #2: Type: text/html, Size: 896 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, back to index
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-25 10:34 [Xen-devel] Vulnerability disclosure vs discovery Charles Gonçalves
Xen-Devel Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/xen-devel/0 xen-devel/git/0.git
git clone --mirror https://lore.kernel.org/xen-devel/1 xen-devel/git/1.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 xen-devel xen-devel/ https://lore.kernel.org/xen-devel \
Example config snippet for mirrors
Newsgroup available over NNTP:
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git