|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
what text is being sent to researchers re: OSS assignments?
- To: CVE Editorial Board <cve-editorial-board-list@lists.mitre.org>
- Subject: what text is being sent to researchers re: OSS assignments?
- From: jericho <jericho@attrition.org>
- Date: Sun, 18 Dec 2016 20:44:42 -0600
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=attrition.org;mitre.org; dkim=none (message not signed) header.d=none;
- Cc: CVE CNA List <cve-cna-list@LISTS.MITRE.ORG>
- Delivery-date: Mon Dec 19 07:51:02 2016
- Importance: high
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
- User-agent: Alpine 2.00 (LNX 1167 2008-08-23)
Reference: https://www.stevencampbell.info/2016/12/my-first-cve-2016-1000329-in-blogphp/ I submitted my CVE request through Mitre who notified me that open source software CVE requests are now processed via the Distributed Weakness Filing before being sent to Mitre for inclusion in their database.This creates an obvious disconnect and potentially duplicate assignments and confusion, if researchers are being told to go to DWF for *all* OSS assignments. For example, Apache is a CNA and has many OSS projects, but vulnerabilities in their software should go to them, not DWF. Could MITRE share the text that is being sent out currently?
.b
- Follow-Ups:
- Re: what text is being sent to researchers re: OSS assignments?
- From: "Landfield, Kent B" <kent.b.landfield@intel.com>
- Re: what text is being sent to researchers re: OSS assignments?
- Prev by Date: Re: Request for vuln file formats
- Next by Date: Re: what text is being sent to researchers re: OSS assignments?
- Previous by thread: Re: Request for vuln file formats
- Next by thread: Re: what text is being sent to researchers re: OSS assignments?
- Index(es):