As usual, it's been quite a while since I wrote anything. Too much work. However I did wanted to note one thing in the diary which I'm proud of (finally) doing: Debian Security Crossreferences. It might seem kind of simple, but, believe me, it's not that easy. One of the things that sparked it was a diary entry from Mark Cox. Now I can say: "Boo! Debian has a full crossreference mapping of security references for not one, but three different security sources" :-)
The enabler of these crossreference mapping is really the work I did on the wml security templates for the Debian web server way back in january which have been used extensively in DSAs since then.
Anyway, it's funny that no distribution/vendor (either free software or propietary) has this kind of information up on their security-related webpages. It's kind of hard to do security research without this. Fortunately, stuff like OSVDB will help to do this type of work easier (or at least cheaper than paying securityfocus to provide you with a copy of the Bugtraq database.
Oh, and hopefully Mitre will update their mapping soon, since it is not entirely correct.