RE: what text is being sent to researchers re: OSS assignments?
> Yes, this is basically my point. The wording of the blog I quoted
> suggests that the text MITRE is sending may not jibe with "check
> these links first". It sounds like he was told "anything OSS go to
> DWF". Thus my question for clarification.
A CVE team analyst directs the request to the appropriate CNA as
needed. We do have some template text that we send out for requests
that should be handled by the DWF CNA, but it's just basic info on how to
submit a request to them. In addition, we have begun providing the
requester the text of their CVE web form request so that they don't
need to retype everything on the DWF side.
Note that the CNA list has grown and the proper routing for a request
will only get more complicated. As Kent suggested earlier, we have
spoken about moving towards a landing page where we could implement
some form of automation that handles this routing in a timely and
consistent manner (e.g., if Product == Microsoft, send request to
secure@microsoft.com, if open_source == True AND Product != 'Apache',
send request to DWF, etc.).
If you have any suggestions please pass them along.
Chris
-----Original Message-----
From: owner-cve-editorial-board-list@lists.mitre.org
[mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of
jericho
Sent: Monday, December 19, 2016 12:24 PM
To: Landfield, Kent B <kent.b.landfield@intel.com>
Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Re: what text is being sent to researchers re: OSS assignments?
Importance: High
On Mon, 19 Dec 2016, Landfield, Kent B wrote:
: Couple points of reference....
:
: https://cve.mitre.org/cve/data_sources_product_coverage.html#products
: https://cve.mitre.org/cve/cna.html
Yes, this is basically my point. The wording of the blog I quoted
suggests that the text MITRE is sending may not jibe with "check these
links first". It sounds like he was told "anything OSS go to DWF". Thus
my question for clarification.
: On 12/19/16, 8:13 AM, "owner-cve-editorial-board-list@lists.mitre.org
: on behalf of Landfield, Kent B"
: <owner-cve-editorial-board-list@lists.mitre.org on behalf of
: kent.b.landfield@intel.com> wrote:
:
: Can we please post this to the appropriate place? If you have an
: issue with this decision that the Board actively discussed, please ask
: the question there. There is no reason to cross-post every message to
: both lists. This was a swim lane issue discussed by the Board and also
: discussed at the face-to-face meeting we had in Rockville, MD in
: November.
Not questioning the decision, questioning how this was implemented in
the context of CVE consumers requesting an ID. To me this is a Board
issue and impacts the CNA, so I posted to both lists.