oss-sec mailing list archives
Re: MITRE is adding data intake to its CVE ID process
From: Amos Jeffries <squid3 () treenet co nz>
Date: Fri, 10 Feb 2017 08:23:18 +1300
On 10/02/2017 5:07 a.m., Steven R. Loomis wrote:
On 2/9/17 6:54 AM, Peter Bex wrote:In an ideal world, free software project leaders should be able to request a CVE ID _before_ announcing a vulnerability to their user base. If there were some way to register people as project leaders, the "proof" should not be necessary, they should be able to request a CVE ID with authority.Peter, I actually wondered about this very thing, if it was possible to request an ID before the details were fully available. From your note, it sounds like this is not the case currently. Steven
I used to request CVE with a brief description suitable for the CVE record and reference URL(s) eg. where the upstream advisory was going to be located. Nowdays someone at mitre seems to be waiting for the URL to go public before assignment :-(. AYJ
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- MITRE is adding data intake to its CVE ID process cve-assign (Feb 08)
- Re: MITRE is adding data intake to its CVE ID process P J P (Feb 08)
- Re: MITRE is adding data intake to its CVE ID process Simon McVittie (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Jeremy Stanley (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Peter Bex (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Steven R. Loomis (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Amos Jeffries (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Jeremy Stanley (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process John Haxby (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Stiepan (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Simon McVittie (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Pierre Schweitzer (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Moritz Muehlenhoff (Feb 11)
- Re: MITRE is adding data intake to its CVE ID process Bob Friesenhahn (Feb 11)
- RE: MITRE is adding data intake to its CVE ID process Ben Tasker (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Mike Gerwitz (Feb 10)