oss-sec mailing list archives

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies

From: Reed Loden <reed () reedloden com>
Date: Wed, 9 Mar 2016 11:07:19 -0800

Issued to some people, perhaps, but there are plenty of examples of MITRE
not issuing CVEs even after multiple months and pokes. Understand MITRE is
resource constrained, but they are blocking new CNAs as well, which doesn't
help.

Just check out the board list archives (
https://cve.mitre.org/data/board/archives/). MITRE isn't responding at all
to people's concerns.

~reed

On Wed, Mar 9, 2016 at 11:04 AM, David A. Wheeler <dwheeler () dwheeler com>
wrote:

All - I've chatted with some of the people who fund the CVE work at MITRE.
I've learned that CVEs *are* being issued, but obviously that is happening
too slowly.

They're having a meeting tomorrow (March 10) to try to figure out what
the problems are and how to fix it.  I don't know what they'll do.
However, I'm hopeful that  this will mean that the CVE work will get
back on track soon.

--- David A. Wheeler

Current thread:

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies, (continued)
- - - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Robert Paprocki (Mar 06)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Gsunde Orangen (Mar 06)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Amos Jeffries (Mar 06)
    - RE: [security-vendor] Re: [oss-security] Concerns about CVE coverage shrinking - direct impact to researchers/companies Radzykewycz, T (Radzy) (Mar 07)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim Brown (Mar 09)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 09)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies David A. Wheeler (Mar 09)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 09)
    - RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Boyle, Stephen V. (Mar 09)
    - RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies John Scott (Mar 10)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Reed Loden (Mar 09)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Timothy D. Morgan (Mar 09)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 09)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Timothy D. Morgan (Mar 10)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 10)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim (Mar 10)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Zach W. (Mar 10)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 10)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies halfdog (Mar 10)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tavis Ormandy (Mar 05)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Markus Vervier (Mar 07)

(Thread continues...)