[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] [RESEARCH] Security patch delivery delay

Hello xen-users,

I am currently analyzing the delay between vulnerability disclosure (CVE release) and the release of a corresponding patch.

First, i noticed that some vulnerabilities are patched before the CVE was assigned. How is that possible? Was the vulnerability "accitendally" fixed? (Example: According to NVD CVE-2011-2519 was fixed on 2008-02-05)

Second, does someone know why some vulnerabilities get a fix on CVE release day while some only recieve a fix after weeks or even month? (Maximum delay I observed is 241 days)


Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.