Re: CERT vs Bugtraq

• Previous message: Lord Shaolin: "Re: CISSP vs Security+"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 01 Sep 2003 11:21:16 GMT

"Duane Morin" <dmorin@morinfamily.com> wrote in message news:554f29fd.0308310404.38b9605c@posting.google.com...
> Is there any sort of relationship between these two lists?

No.

> For instance, what level of priority does a vulnerability have to reach before
> it is picked up as a CERT advisory?

http://www.cert.org/faq/cert_faq.html

It really has nothing to do with priorities. CERT is concerned
with responses to emergencies; Bugtraq is concerned with
tracking defects. CERT accepts reports, validates security
risks and actual attacks, and responds very quickly if the
vulnerability is causing problems right now. They respond
more slowly if the matter is a -potential- vulnerability which
no one has encountered in reality; it's still a concern, but
it isn't an -emergency- and doesn't require an immediate
-response-.

CERT stands for Computer Emergency Response Team.
Read the offerings on the CERT website, especially their
guidelines on setting up your own Computer Emergency
Response Team. This will give you an idea of what they
do, and how and why they do it.

• Previous message: Lord Shaolin: "Re: CISSP vs Security+"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]