|
|
Quick question… While I think this is a great step towards better automation, has this new request process been communicated to the CNAs? I am on the cve-cna-list and I don’t remember seeing this mentioned. I have been traveling way too
much but I do try to keep up… If I am correct, I’d recommend we not use CVE Announce list for communicating items that, while not directly, have a potential indirect effect on CNAs. I understand this is targeted towards the general community but I would expect we should
be letting the front line know so if asked or redirects are needed, they would know the correct way to request a specific CVE directly from MITRE. FWIW. --- Kent Landfield +1.817.637.8026 From: <owner-cve-announce-list@lists.mitre.org> on behalf of "Sain, Joe" <jas@mitre.org> Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about Common Vulnerabilities and Exposures (CVE), such as
new compatible products, new website features, CVE in the news, etc. right to your email box. CVE is the standard for cyber security vulnerability names. The CVE Board provides oversight and input into CVE’s strategic direction, ensuring CVE meets the vulnerability
identification needs of the technology community. CVE Numbering Authorities (CNAs) are major OS vendors, security researchers, and research organizations that assign CVE Identifiers (IDs) to newly discovered issues without directly involving MITRE in the details
of the specific vulnerabilities, and include the CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues. Comments: cve@mitre.org ------------------------------------------------------- CVE-Announce e-newsletter/August 23, 2016 ------------------------------------------------------- Contents: 1. IMPORTANT NOTICE: Method to Request CVE IDs from MITRE Changing Soon 2. Details/Credits + Subscribing and Unsubscribing FEATURE STORY: IMPORTANT NOTICE: Method to Request CVE IDs from MITRE Changing Soon The method to request CVE IDs from MITRE will change on August 29, 2016. Using the new method, CVE ID requestors will complete a “CVE Request” web form when requesting a CVE ID
from MITRE. The previous practice of submitting requests via email will be discontinued.
The new web form will make it easier for requestors to know what information to include in their initial request, and will enhance MITRE's ability to respond to those requests
in a timely manner. User instructions will be available on the website and on the form itself. Upon completion of the form, the requestor will receive a confirmation message that the request was received and a reference number.
Please send any comments or concerns to cve@mitre.org. LINKS: Request a CVE ID -
https://cve.mitre.org/cve/request_id.html CVE IDs –
https://cve.mitre.org/cve CVE News page article –
https://cve.mitre.org/news/index.html#august232016_IMPORTANT_NOTICE_Method_to_Request_CVE_IDs_From_MITRE_Changing_Soon --------------------------------------------------------------- Details/Credits + Subscribing and Unsubscribing Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge.
The MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing
development of the CVE Program. To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message
to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List". Copyright 2016, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications) at the U.S. Department of Homeland Security (www.dhs.gov). For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.
|