|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures
- To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Subject: RE: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures
- From: "Boyle, Stephen V." <sboyle@mitre.org>
- Date: Wed, 2 Sep 2015 13:23:01 +0000
- Accept-Language: en-US
- Authentication-Results: spf=none (sender IP is 129.83.29.3)smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (messagenot signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=noneheader.from=mitre.org;
- CC: "Boyle, Stephen V." <sboyle@mitre.org>
- Delivered-To: coley@rcf-smtp.mitre.org
- Delivery-Date: Wed Sep 2 09:24:23 2015
- In-Reply-To: <alpine.LNX.2.00.1509012342130.15040@forced.attrition.org>
- List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <SN1PR09MB081316094129843E370C324DC7FB0@SN1PR09MB0813.namprd09.prod.outlook.com> <alpine.LNX.2.00.1509012342130.15040@forced.attrition.org>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- SpamDiagnosticMetadata: NSPM
- SpamDiagnosticMetadata: NSPM
- SpamDiagnosticOutput: 1:23
- SpamDiagnosticOutput: 1:23
- Thread-Index: AQHQ5TnPFsN/LUhdrkCh5Uhl+E3Ge54pOlUA
- Thread-Topic: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures
The paper is in review internally. Steve -----Original Message----- From: jericho [mailto:jericho@attrition.org] Sent: Wednesday, September 02, 2015 12:43 AM To: Boyle, Stephen V. <sboyle@mitre.org> Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org> Subject: Re: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures Importance: High On Thu, 9 Apr 2015, Boyle, Stephen V. wrote: : In the past, CVE has occasionally been requested to assign CVE-IDs for : submissions based on the results of automated testing or similar methods : that can produce a large number of findings. We will refer to these as : "large-scale requests." We have traditionally handled such requests on : a case-by-case basis, but with the increasing use of automated testing : tools and similar methods, we believe that large-scale requests for : CVE-IDs will become more frequent. : Steve Christey Coley is preparing a paper on this topic, but we wanted : to provide the Board with an interim statement to help clarify our : position and our planned response to large-scale CVE requests for the : near term. What is the status of this paper please?
- References:
- Re: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures
- From: jericho <jericho@attrition.org>
- Re: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures
- Prev by Date: RE: procedure for penalizing or revoking CNA status?
- Next by Date: RE: Question about non-board-member posts to the list
- Prev by thread: Re: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures
- Next by thread: Question about non-board-member posts to the list
- Index(es):