oss-sec mailing list archives
Re: MITRE is adding data intake to its CVE ID process
From: Pierre Schweitzer <pierre () reactos org>
Date: Fri, 10 Feb 2017 20:10:47 +0100
Hi,

I agree with John as well (regarding his suggestion).

As a side remark, would it be possible to properly configure the webserver of https://cveform.mitre.org? In environments that perform strict TLS checking, it cannot work, due to a missing certificate chain.

Cheers,
Pierre

On 10/02/2017 at 19:09, Stiepan wrote:
> Same concern here; I second your suggestion, John.
>
> By the way, I have just tried the OVE ID alternative: good idea, but perhaps one button is a bit too frugal. What about adding at least the possibility of a title? This would probably encourage people to use OVEs. Of course, a captcha might be needed in that event.
>
> Stiepan
>
> P.S.: While we're at it, let's use the two OVEs I have just wasted,
> OVE-20170210-0001 (forward CVE web request+ID to oss-sec)
> OVE-20170210-0002 (add a title option field to OVE web form),
> for the two aforementioned issues!
>
> -------- Original Message --------
> Subject: Re: [oss-security] MITRE is adding data intake to its CVE ID process
> Local Time: 10 February 2017 5:08 PM
> UTC Time: 10 February 2017 16:09
> From: john.haxby () oracle com
> To: oss-security () lists openwall com
>
> On 10/02/17 15:40, Priedhorsky, Reid wrote:
>>> To more efficiently assign and publish CVE IDs and to enable automation and data sharing within CVE operations, MITRE is changing the way it accepts CVE ID requests on the oss-security mailing list. Starting today, please direct CVE ID requests to this web form <https://cveform.mitre.org/>
>>
>> I’ve been using the CVE requests on oss-security to maintain a reasonably comprehensive and timely list of vulnerabilities for specific products. It’s not clear to me how to do this when CVE requests happen offline in a web form. Has this use case been considered? Is there an alternate way to accomplish my goal?
>
> I'm glad someone else mentioned this -- I've been wondering too. What would be nice is if the web form forwarded the request and CVE-ID (suitably formatted) to oss-security or a similar list.
>
> jch

--
Pierre Schweitzer <pierre at reactos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.