|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Regarding the Distributed Weakness Filing system
- To: Pascal Meunier <pmeunier@cerias.purdue.edu>, "Boyle, Stephen V." <sboyle@mitre.org>
- Subject: Re: Regarding the Distributed Weakness Filing system
- From: Kurt Seifried <kseifried@redhat.com>
- Date: Wed, 9 Mar 2016 07:45:49 -0700
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=redhat.com;
- Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivery-date: Wed Mar 9 10:14:46 2016
- In-reply-to: <56DE3DA4.2010402@cerias.purdue.edu>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CANO=Ty3tjTEMh7-xZSfzXaWBYmEu4N_bnZLXVmBxgD6x6942nw@mail.gmail.com> <56DE3DA4.2010402@cerias.purdue.edu>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 43da9c421be74aed97248473db21fd15
- Spamdiagnosticoutput: 1:2
Can someone from Mitre at least confirm that they have seen this email? It's been over a week now with no reply from Mitre on anything:
On Mon, Mar 7, 2016 at 7:49 PM, Pascal Meunier <pmeunier@cerias.purdue.edu> wrote:
On 03/07/2016 08:53 PM, Kurt Seifried wrote:
"The vendor declined to fix the vulnerability".
That one is jaw-dropping. By implication, if I refuse to fix it, you can't mention it, discuss it, or issue an advisory about it? That's obstructing vulnerability disclosure, and a way to stimulate full disclosure by default for future issues.
Can MITRE please report how many times this reason is used?
Pascal
--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
- Follow-Ups:
- RE: Regarding the Distributed Weakness Filing system
- From: "Boyle, Stephen V." <sboyle@mitre.org>
- RE: Regarding the Distributed Weakness Filing system
- References:
- Regarding the Distributed Weakness Filing system
- From: Kurt Seifried <kseifried@redhat.com>
- Re: Regarding the Distributed Weakness Filing system
- From: Pascal Meunier <pmeunier@cerias.purdue.edu>
- Regarding the Distributed Weakness Filing system
- Prev by Date: Re: Regarding the Distributed Weakness Filing system
- Next by Date: Re: [oss-security] Concerns about CVE coverage shrinking - direct impact to researchers/companies
- Previous by thread: Re: Regarding the Distributed Weakness Filing system
- Next by thread: RE: Regarding the Distributed Weakness Filing system
- Index(es):