nanog mailing list archives
[no subject]
From: Ryan Shea via NANOG <nanog () nanog org>
Date: Tue, 19 May 2015 15:53:19 +0000 (UTC)
This post was from a subscriber whose From: address domain has a DMARC policy of reject or quarantine. The NANOG mailing list has automatically wrapped this message to prevent other subscribers mail systems from rejecting it.
--- Begin Message --- From: Ryan Shea <ryanshea () google com>
Date: Tue, 19 May 2015 15:53:15 +0000
Manually setting up and parsing email notifications for security vulnerabilities for all vendors is mighty annoying. It looks like the ICASI CVRF <http://www.icasi.org/cvrf> Working Group thought the same thing back in 2011 when they came up with this handy XML schema. I had not known of this until yesterday and noticed that Cisco does a good job <http://tools.cisco.com/security/center/cvrfListing.x> posting their vulnerabilities in CVRF. Word on the streets is that Juniper <https://twitter.com/junipersirt/status/70627418737610752> was at least partially involved in CVRF as well. Brocade may have looked into it as well. This does not seem like a difficult thing for vendors to do, but the missing piece may be customer interest. I am hoping to drum up some interest here -- maybe a few support requests would entice them to hand this off to an intern and we could collectively do better at managing vendor notifications. A tool <https://github.com/mschiffm/cvrfparse> to parse CVRF is already floating about as well (mschiffm).
--- End Message ---
Current thread:
- [no subject] Ryan Shea via NANOG (May 19)
- Re: Christopher Morrow (May 19)
- Re: your mail Jared Mauch (May 19)
- Message not available
- Re: your mail Larry Sheldon (May 19)