|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Test set of CVE IDs
- To: "Adinolfi, Daniel R" <dadinolfi@mitre.org>
- Subject: Re: Test set of CVE IDs
- From: Kurt Seifried <kseifried@redhat.com>
- Date: Sun, 8 Jan 2017 20:53:18 -0700
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=redhat.com;mitre.org; dkim=none (message not signed) header.d=none;
- Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivery-date: Mon Jan 9 07:50:48 2017
- In-reply-to: <310AF9A7-ECC6-41A7-A0F6-F5AE286C0B17@mitre.org>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <310AF9A7-ECC6-41A7-A0F6-F5AE286C0B17@mitre.org>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
On Fri, Jan 6, 2017 at 6:43 AM, Adinolfi, Daniel R <dadinolfi@mitre.org> wrote:
Folks,
During our last Board meeting, there was a discussion of the feasibility of creating a set of test CVE ID to use when developing new software or testing processes.
Such a set of data was made available when the CVE ID Syntax change occurred, and we provided this:
<https://cve.mitre.org/cve/
identifiers/tech-guidance. >html#test_data
If this test data is not sufficient, what requirements are missing? What are the more specific use cases for "test CVE IDs" that you would like to accomplish?
These are all from year 2014, also only 28 of them, I'm thinking more cases where I run the scripts/system/whatever to convert a bunch of data into CVEs, and grind it through my whole system (once I have one) using a set of CVE #'s which I can hardcode the final presentation systems/etc to ignore (e.g. for the sake of argument CVE-YEAR-98765****). This isn't a needed use case really yet, but long term with automation I'm wondering how we do as close to live testing as possible (hence the request).
Thanks.
-Dan
--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
- References:
- Test set of CVE IDs
- From: "Adinolfi, Daniel R" <dadinolfi@mitre.org>
- Test set of CVE IDs
- Prev by Date: Test set of CVE IDs
- Next by Date: Agenda for CVE Board Meeting January 11 (Wednesday)
- Previous by thread: Test set of CVE IDs
- Next by thread: Agenda for CVE Board Meeting January 11 (Wednesday)
- Index(es):