|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CNA requirements
- To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
- Subject: RE: CNA requirements
- From: jericho <jericho@attrition.org>
- Date: Sat, 28 May 2016 01:40:25 -0500
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=attrition.org;
- Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Importance: high
- In-reply-to: <DM2PR09MB0365489807EE40CFDF0C3645F0480@DM2PR09MB0365.namprd09.prod.outlook.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CANO=Ty0PsrLPV_a8+0bTc8wdQB8NDPLnZc+koSRUTHWV4-DrzA@mail.gmail.com> <B867A247-039F-443C-B1DD-724DFCEF7978@mitre.org> <FCE8BD10-195B-4C56-8B2A-B5DA654F3D41@gmail.com> <DM2PR09MB0365489807EE40CFDF0C3645F0480@DM2PR09MB0365.namprd09.prod.outlook.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 43da9c421be74aed97248473db21fd15
- Spamdiagnosticoutput: 1:2
- User-agent: Alpine 2.00 (LNX 1167 2008-08-23)
On Tue, 17 May 2016, Waltermire, David A. (Fed) wrote: : IMHO, I believe we need to address this in a way that supports a : non-hierarchical, graph of communications between CNAs. This models what : happens in the real world. It should be possible for any CNA to find any : other CNA, get their contact info, and then reach out to them to : coordinate on a CVE assignment. Relying on parent CNAs does not make : this work. Absolutely spot on, and should have happened years ago. That said, consider that MITRE has gone dark for months at a time while trying to coordinate disclosures. Why expect CNAs act a certain way, when the mothership does not?
- References:
- CNA requirements
- From: Kurt Seifried <kseifried@redhat.com>
- Re: CNA requirements
- From: "Adinolfi, Daniel R" <dadinolfi@mitre.org>
- Re: CNA requirements
- From: Kent Landfield <bitwatcher@gmail.com>
- RE: CNA requirements
- From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
- CNA requirements
- Prev by Date: Re: CNA requirements
- Next by Date: Re: CNA requirements
- Previous by thread: Re: CNA requirements
- Next by thread: Re: CNA requirements
- Index(es):