|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures
- To: "Boyle, Stephen V." <sboyle@mitre.org>
- Subject: Re: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures
- From: jericho <jericho@attrition.org>
- Date: Tue, 1 Sep 2015 23:42:39 -0500
- Authentication-Results: spf=none (sender IP is 129.83.29.2)smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (messagenot signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=noneheader.from=attrition.org;
- CC: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivered-To: coley@rcf-smtp.mitre.org
- Delivery-Date: Wed Sep 2 00:43:42 2015
- In-Reply-To: <SN1PR09MB081316094129843E370C324DC7FB0@SN1PR09MB0813.namprd09.prod.outlook.com>
- List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <SN1PR09MB081316094129843E370C324DC7FB0@SN1PR09MB0813.namprd09.prod.outlook.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- SpamDiagnosticMetadata: NSPM
- SpamDiagnosticOutput: 1:23
- User-Agent: Alpine 2.00 (LNX 1167 2008-08-23)
On Thu, 9 Apr 2015, Boyle, Stephen V. wrote: : In the past, CVE has occasionally been requested to assign CVE-IDs for : submissions based on the results of automated testing or similar methods : that can produce a large number of findings. We will refer to these as : "large-scale requests." We have traditionally handled such requests on : a case-by-case basis, but with the increasing use of automated testing : tools and similar methods, we believe that large-scale requests for : CVE-IDs will become more frequent. : Steve Christey Coley is preparing a paper on this topic, but we wanted : to provide the Board with an interim statement to help clarify our : position and our planned response to large-scale CVE requests for the : near term. What is the status of this paper please?
- Follow-Ups:
- RE: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures
- From: "Boyle, Stephen V." <sboyle@mitre.org>
- RE: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures
- Prev by Date: RE: Board list archive not updating
- Next by Date: Question about non-board-member posts to the list
- Prev by thread: Missing/undelivered messages archives on cve.mitre.org
- Next by thread: RE: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures
- Index(es):