Month: May 2024

  • GVD Discussion – Round Two

    Tom Alrich published a blog titled “The Global Vulnerability Database won’t be a “database” at all” on November 10, 2023. In the blog Tom lays out some ideas for how this “database” would operate and the advantages he sees. I didn’t see this blog until early May and posted my “Thoughts on Tom Alrich’s “Global…

  • Two Definitions of Zero Day Apparently

    What is a “zero day vulnerability”? It’s a term that is frequently used in the vulnerability disclosure ecosystem. I have blogged on this topic frequently and reading some of this will give more history and context, so I won’t rehash everything. If you read one blog, make it “No One Will Burn A Zero Day…

  • Random Movie/TV Thoughts and Reviews (May 2024)

    I haven’t had time to do clean write-up reviews of various movies every time, so here are some random thoughts about recent content. In no particular order… Netflix: Heart of the Hunter is advertised as “John Wick, but in Africa”. No, not even close. Just a string of cliches and not even well done at…

  • Thoughts on CISA’s “Vulnrichment” Initiative

    As many in the vulnerability disclosure ecosystem are now aware, the Cybersecurity & Infrastructure Security Agency (CISA) announced a new program called “Vulnrichment” on LinkedIn yesterday. News about the program spread rapidly via news sites and private companies. In this statement and elsewhere, there are definitely some general questions to be asked out loud since…

  • Thoughts on Tom Alrich’s “Global Vulnerability Database”

    Tom Alrich published a blog last year titled “The Global Vulnerability Database won’t be a “database” at all”. It is basically his outline for how to make an international database that many can contribute to, to replace the inadequate CVE / NVD database. He said he welcomes any comments and when it comes to vulnerability…