oss-sec mailing list archives
Re: MITRE is adding data intake to its CVE ID process
From: Simon McVittie <smcv () debian org>
Date: Fri, 10 Feb 2017 19:37:48 +0000
On Fri, 10 Feb 2017 at 13:09:43 -0500, Stiepan wrote:
> By the way, I have just tried the OVE ID alternative: good idea, but perhaps one button is a bit too frugal.
The purpose of OVE IDs is literally only creating a unique identifier that no other maintainer or security researcher will be using to identify a different vulnerability. That's all they are. How you publish the vulnerability for which you have used the identifier is up to you. They're slightly more readable and memorable than using /proc/sys/kernel/random/uuid to allocate identifiers, and they give you some vague idea of how old the vulnerability report is. That's about the only difference. (Hmm, now I'm tempted to use /proc/sys/kernel/random/uuid next time I need a unique ID for a vulnerability that's already public...)
> P.S.: While we're at it, let's use the two OVEs I have just wasted, OVE-20170210-0001 (forward CVE web request+ID to oss-sec), OVE-20170210-0002 (add a title option field to OVE web form), for the two aforementioned issues!
I'm pretty sure those aren't security vulnerabilities in any product :-P
S