
Re: Draft CNA document for discussion



I would say for now:

As of May 17, 2016, the DWF does not have the processes and technology to properly handle embargoed issues in place; as such, we can only handle public issues. If you need a CVE for an embargoed issue, please use the Red Hat CNA (secalert@redhat.com). Please note that the DWF is actively planning to have process and technology to handle embargoed CVE requests.

On Tue, May 17, 2016 at 8:12 AM, Adinolfi, Daniel R <dadinolfi@mitre.org> wrote:
Folks,

I have uploaded this DRAFT CNA Information Sharing and Embargo Policies document to GitHub.

<http://cveproject.github.io/docs/cna/DRAFT%20-%20Information%20Sharing%20and%20Embargo%20Policies.docx>

The idea is to have each CNA describe when and to whom they will disclose information submitted to the CNA, both internally to the CNA and to the world.

The linked document is a starting point for that and will be part of the bigger CNA framework and documentation effort. (This is one of many documents we'll produce as part of that.) Please consider it a strawman to begin the discussion.

Thanks.

-Dan
_________________________
Daniel Adinolfi, CISSP
Lead Cybersecurity Engineer, The MITRE Corporation
J83D - Cyber Security Partnerships, Sharing, and Automation
Email: <dadinolfi@mitre.org>  Phone: 781-271-5774







--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: May 20, 2016