Mailing List Archive

Vulnerability disclosure vs discovery
Hello,

I'm a Ph.D. candidate in UC (Portugal) working with Xen's vulnerability
discovery process, right now focusing on modeling, and I'd like to
understand the process before the disclosure (by XSA or CVE/NVD).

It would be nice to have a more precise date that traces a vulnerability
(XSA) to its discovery rather than the public release date.

Currently, I'm parsing any references from NVD/CVE and analyzing the
dates. For older XSA, this works better than from newer ones.

Is there any other place that I could find this information?

Atenciosamente,
*Charles Ferreira Gonçalves *