Note that Adobe has been using CVE identifiers in their advisories since 2005.
In this case, Adobe asked for a CVE identifier aproximately 24 hours before they published. Since a zero-day exploit prompted the advisory, they likely thought it was better to publish than to wait for a response from me.
CVE is not set up well for rapid response, although we are working on it, and I try to handle reservation requests quickly.
Thank you Steve for pointing out the circumstances and Adobe’s track record. It would make sense to cut a few corners to issue an urgently needed advisory.
Thanks for all the work that you do.
on Friday, February 20, 2009 at 02:35 PM