|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CNA requirements
- To: Art Manion <amanion@cert.org>
- Subject: Re: CNA requirements
- From: jericho <jericho@attrition.org>
- Date: Sat, 28 May 2016 01:42:10 -0500
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=attrition.org;
- Cc: cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
- Importance: high
- In-reply-to: <c12f6495-59ae-5361-722a-a42d4afdeb97@cert.org>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CANO=Ty0PsrLPV_a8+0bTc8wdQB8NDPLnZc+koSRUTHWV4-DrzA@mail.gmail.com> <B867A247-039F-443C-B1DD-724DFCEF7978@mitre.org> <FCE8BD10-195B-4C56-8B2A-B5DA654F3D41@gmail.com> <DM2PR09MB0365489807EE40CFDF0C3645F0480@DM2PR09MB0365.namprd09.prod.outlook.com> <c12f6495-59ae-5361-722a-a42d4afdeb97@cert.org>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 43da9c421be74aed97248473db21fd15
- Spamdiagnosticoutput: 1:2
- User-agent: Alpine 2.00 (LNX 1167 2008-08-23)
On Tue, 17 May 2016, Art Manion wrote: : On 2016-05-17 10:54, Waltermire, David A. (Fed) wrote: : > IMHO, I believe we need to address this in a way that supports a non-hierarchical, graph of communications between CNAs. This models what happens in the real world. It should be possible for any CNA to find any other CNA, get their contact info, and then reach out to them to coordinate on a CVE assignment. Relying on parent CNAs does not make this work. : : How about: A CNA must have a working email and phone contact with their : parent CNA and MITRE. Responsibility of the CNA to keep it a working : contact, don't specify that it's two contacts. Perhaps all CNA contacts : go on a mailing list. CNAs are required to maintain certain public : information (that could be presented on their site, parent CNA, and/or : MITRE). MITRE is quasi-gov, CNAs are not. I will not publish my phone number for 'CNA duties', because none of them are that urgent. An alternate email address, IM contact, or a private phone # held with MITRE with clearly defined rules for contact (e.g. "between these hours on these days" or "only via SMS") maybe.
- References:
- CNA requirements
- From: Kurt Seifried <kseifried@redhat.com>
- Re: CNA requirements
- From: "Adinolfi, Daniel R" <dadinolfi@mitre.org>
- Re: CNA requirements
- From: Kent Landfield <bitwatcher@gmail.com>
- RE: CNA requirements
- From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
- Re: CNA requirements
- From: Art Manion <amanion@cert.org>
- CNA requirements
- Prev by Date: RE: CNA requirements
- Next by Date: Re: CNA requirements
- Previous by thread: Re: CNA requirements
- Next by thread: Re: CNA requirements
- Index(es):