|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVE request form is missing an important bit
- To: CVE Editorial Board <cve-editorial-board-list@lists.mitre.org>
- Subject: CVE request form is missing an important bit
- From: jericho <jericho@attrition.org>
- Date: Wed, 4 Jan 2017 17:39:03 -0600
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=attrition.org;mitre.org; dkim=none (message not signed) header.d=none;
- Delivery-date: Thu Jan 5 07:45:52 2017
- Importance: high
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
- User-agent: Alpine 2.00 (LNX 1167 2008-08-23)
MITRE,The current form for requesting a CVE ID [1] only has one box that could be used for this, "Additional information", but does not prompt the question at all. The significant thing missing is that when requesting an ID, you should be asked what year the ID is for.
e.g. I requested an ID for my day job yesterday and it even slipped my mind that it technically should have been a 2016 ID since the issue was discovered in December. As the form does not include anything to ask such a question, it didn't occur to me either.
I believe the form needs to add a box or drop-down and request this information, likely with a one-liner about how the year-based assignments work (i.e. year it was discovered and/or disclosed to vendor, not publicly), to better track vulnerabilities by year.
.b [1] https://cveform.mitre.org/
- Follow-Ups:
- RE: CVE request form is missing an important bit
- From: "Coffin, Chris" <ccoffin@mitre.org>
- RE: CVE request form is missing an important bit
- Prev by Date: Strategic WG Notes - 01/04/2017 meeting
- Next by Date: RE: CVE request form is missing an important bit
- Previous by thread: Strategic WG Notes - 01/04/2017 meeting
- Next by thread: RE: CVE request form is missing an important bit
- Index(es):