For a non-comprehensive list of actual vague advisories, see:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=cd:vague Interestingly, vague advisories come from all types of developers, not just the one or two most obvious vendors. For some discussions on the impact of vague vendor advisories on CVE (and on other vulnerability information sources), see the thread beginning at: http://cve.mitre.org/board/archives/2002-02/msg00008.html Currently, CVE only tracks vague announcements from vendors, but it may become important to track announcements from researchers who follow a "grace period" in which they announce the existence of some vulnerability, but delay releasing full details for some period of time. - Steve _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html