[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE's for private/"Secret" issues



Hey I was just reading

http://www.wired.com/2015/11/heres-a-spy-firms-price-list-for-secret-hacker-techniques/#slide-2

TL;DR: another firm that acquires 0 day vulns, the news being they published their price chart. 

There are now several firms like this (TIppingPoint, ImmunityInc, etc.) and I was wondering what, if any, process there is with respect to CVE assignments, my experience is that the sooner a CVE is assigned the better, ideally prior to public release if possible. Has Mitre reached out to these companies at all to help them understand the value of getting CVE's in advance and so on?

--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: November 23, 2015