If this test data is not sufficient, what requirements are missing? What are the more specific use cases for "test CVE IDs" that you would like to accomplish?
These are all from year 2014, also only 28 of them, I'm thinking more cases where I run the scripts/system/whatever to convert a bunch of data into CVEs, and grind it through my whole system (once I have one) using a set of CVE #'s which I can hardcode the final presentation systems/etc to ignore (e.g. for the sake of argument CVE-YEAR-98765****). This isn't a needed use case really yet, but long term with automation I'm wondering how we do as close to live testing as possible (hence the request).
-- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Red Hat Product Security contact: [hidden email]