Ok I've read your existing list.
you might consider a section for system configuration errors (ex. LDAP
auth being passed in clear to an AD server that doesn't support
starttls/ssl when not using GSSAPI or having SSH 1 available, etc)
seeding errors for rand yielding predictable results
improper handling of errno values resulting in lock/race/buffer probs
On 08/12/2013 02:20 PM, Josh Bressers wrote:
> Did you have a particular use-case in mind for your list? Will
> accessing this list programmatically or just for human consumption?
> Perhaps a schema/classification skeleton we could start with? Do you
> want a list of specific exploits/vulnerabilities (so you might start
> with local and remote for example then drill down with stack exploits,
> cross site injections etc) or just a list of the monikers of actual
> exploits like "sasser", or something more like "social
> "network", "program code"..."input validation", etc?
Basically it's just a list for me. I'm putting together a nice list of
possible topics for a variety of reasons. I figured it would be nice to get
input from others, and obvious make such a list public for anyone who
wanted something similar.
It's a pretty open request, so I'd say anything goes. If you have some
ideas, jot them down.