oss-sec mailing list archives
Re: How to request a CVE for open source projects
From: "Perry E. Metzger" <perry () piermont com>
Date: Mon, 22 May 2017 22:28:04 -0400
On Mon, 22 May 2017 20:04:41 -0600 Kurt Seifried <kseifried () redhat com> wrote:
Primarily, freeform discussion of the sort that occurred on this list as a natural outcropping of the CVE request process led to people linking to verification code, temporary mitigations, highlighting of incomplete fixes, and the sort of information that was requested earlier in this thread. This ability to easily chip in to ongoing situations wasn't just useful for mitre staff doing CVE work, it was also useful for the "community of practice" looking for the latest information regarding self-defense. I've prevented more than one attack thanks to a one-off reply from someone in response to a CVE request.You can still do this. oss-security is a list run by Solar Designer (openwall.com). I happen to be a long time poster/moderator, but I have no official control/etc (I don't even block posts, that's up to solar, I just allow stuff or ignore it when it's up for moderation).
Maybe after CVEs are assigned the forms could be emailed to the list as a replacement for the old request emails, to kick off discussion and alert people to their existence? Perry -- Perry E. Metzger perry () piermont com
Current thread:
- How to request a CVE for open source projects Michael Catanzaro (May 22)
- Re: How to request a CVE for open source projects Marcus Meissner (May 22)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Perry E. Metzger (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 23)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Marcus Meissner (May 22)
- Re: How to request a CVE for open source projects Martin (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)