oss-sec mailing list archives

RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies

From: "Boyle, Stephen V." <sboyle () mitre org>
Date: Wed, 9 Mar 2016 20:28:18 +0000

Hi Kurt and David,

The CVE team is holding a series of internal meetings related to the referenced issues, including one tomorrow. There 
is not a meeting with the Editorial Board (or a subset of Editorial Board members) scheduled for or being held 
tomorrow. 

We would like to propose an Editorial Board meeting to address issues related to CVE operations, scalability, and 
community feedback, as was first suggested by Kent Landfield on January 5, 2016. (Full discussion thread available at: 
http://common-vulnerabilities-and-exposures-cve-editorial-board.1128451.n5.nabble.com/CVE-Advancements-tt81.html)

 The internal meetings referenced above will enable us to come to that Editorial Board meeting with specific 
recommendations and proposed next steps.  

Best Regards,
The MITRE CVE Team

-----Original Message-----
From: Kurt Seifried [mailto:kseifried () redhat com] 
Sent: Wednesday, March 09, 2016 2:06 PM
To: David A. Wheeler <dwheeler () dwheeler com>; cve-editorial-board-list <cve-editorial-board-list () lists mitre org>
Cc: oss-security <oss-security () lists openwall com>
Subject: Re: [oss-security] Concerns about CVE coverage shrinking - direct impact to researchers/companies

On Wed, Mar 9, 2016 at 12:04 PM, David A. Wheeler <dwheeler () dwheeler com>
wrote:

All - I've chatted with some of the people who fund the CVE work at MITRE.
I've learned that CVEs *are* being issued, but obviously that is happening
too slowly.

They're having a meeting tomorrow (March 10) to try to figure out what
the problems are and how to fix it.  I don't know what they'll do.
However, I'm hopeful that  this will mean that the CVE work will get
back on track soon.

--- David A. Wheeler


This is literally the first I'm hearing of this, will any board members be
present?


-- 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert () redhat com

Current thread:

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies, (continued)
- - - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies op7ic \x00 (Mar 06)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 06)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Robert Paprocki (Mar 06)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Gsunde Orangen (Mar 06)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Amos Jeffries (Mar 06)
    - RE: [security-vendor] Re: [oss-security] Concerns about CVE coverage shrinking - direct impact to researchers/companies Radzykewycz, T (Radzy) (Mar 07)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim Brown (Mar 09)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 09)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies David A. Wheeler (Mar 09)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 09)
    - RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Boyle, Stephen V. (Mar 09)
    - RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies John Scott (Mar 10)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Reed Loden (Mar 09)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Timothy D. Morgan (Mar 09)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 09)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Timothy D. Morgan (Mar 10)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 10)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim (Mar 10)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Zach W. (Mar 10)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 10)
    - Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies halfdog (Mar 10)

(Thread continues...)