|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CNA Rules Announcement
- To: cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
- Subject: Re: CNA Rules Announcement
- From: Mark J Cox <mjc@redhat.com>
- Date: Wed, 12 Oct 2016 08:55:43 +0100
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=redhat.com;mitre.org; dkim=none (message not signed) header.d=none;
- Cc: cve-cna-list <cve-cna-list@LISTS.MITRE.ORG>
- Delivery-date: Wed Oct 12 07:54:12 2016
- In-reply-to: <CANO=Ty2HwiK-cqLBVShLmtwFVaLizQv9XNNAMMK-4S0zRO_pSA@mail.gmail.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <MWHPR09MB1485225620B9A4E94B589A85A1C60@MWHPR09MB1485.namprd09.prod.outlook.com> <8958b557-5518-b383-8c2a-fe5089dc25d6@juniper.net> <CY4PR09MB1255129E06A8EEEFBFA9AB4CE6DA0@CY4PR09MB1255.namprd09.prod.outlook.com> <19b176ce-df69-89cd-ed8e-8b2553ec6e28@juniper.net> <CANO=Ty2HwiK-cqLBVShLmtwFVaLizQv9XNNAMMK-4S0zRO_pSA@mail.gmail.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
For some time the upstreams I've been involved with have used yet another mechanism for listing vulnerabilities, a custom XML:
https://httpd.apache.org/security/vulnerabilities-httpd.xml https://www.openssl.org/news/vulnerabilities.xmlThese are the source documents; the idea being this is easily automatically converted by stylesheets to web pages for those projects, as well as allowing conversion to CVRF or whatever-Mitre-wants given the new CNA rules.
We're not adverse to changing these to some other format, and have already been looking at switching to CVRF for the base in OpenSSL for example.
Mark
- References:
- CNA Rules Announcement
- From: "Coffin, Chris" <ccoffin@mitre.org>
- RE: CNA Rules Announcement
- From: "Booth, Harold (Fed)" <harold.booth@nist.gov>
- Re: CNA Rules Announcement
- From: Kurt Seifried <kseifried@redhat.com>
- CNA Rules Announcement
- Prev by Date: Re: CNA Rules Announcement
- Next by Date: Re: CNA Rules Announcement
- Previous by thread: Re: CNA Rules Announcement
- Next by thread: Re: CNA Rules Announcement
- Index(es):