|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE for hosted services
- To: jericho <jericho@attrition.org>
- Subject: Re: CVE for hosted services
- From: Art Manion <amanion@cert.org>
- Date: Tue, 28 Feb 2017 09:50:05 -0500
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=cert.org;
- Cc: cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
- Delivery-date: Tue Feb 28 10:33:33 2017
- In-reply-to: <alpine.LNX.2.00.1702262338220.19881@forced.attrition.org>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <A4305A50-AD19-4025-842E-D89337B8269C@cisco.com> <379DDB8A-F1D2-4E4B-9307-CFBFDB0521F5@intel.com> <8942442A-17E2-4EEB-9943-648F27125AA6@cisco.com> <079d4575-d5ef-be7c-bdfb-f817e625b02e@cert.org> <CANO=Ty052fUY+BUC2zziFeiJ=cBPQWUbQozm-9ymKDkBuxo2Xg@mail.gmail.com> <ad8435b9-ba08-a5ee-25ef-cf314c75e0e5@cert.org> <1487797534.7382.18.camel@cerias.purdue.edu> <alpine.LNX.2.00.1702221518090.19881@forced.attrition.org> <d78f00cb-280e-a674-9264-edf9ed3b4507@cert.org> <CY4PR09MB1255385CC89FEF05C100E83BE6530@CY4PR09MB1255.namprd09.prod.outlook.com> <alpine.LNX.2.00.1702231801000.19881@forced.attrition.org> <4689d956-c638-b3cc-94cb-1e877c5dc64d@cert.org> <MWHPR09MB14858DAA97929742041D5606A1520@MWHPR09MB1485.namprd09.prod.outlook.com> <alpine.LNX.2.00.1702241614480.19881@forced.attrition.org> <6a9a57eb-bad0-bea7-a71b-88b059a82969@cert.org> <alpine.LNX.2.00.1702262338220.19881@forced.attrition.org>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
On 2017-02-27 00:56, jericho wrote: > : What does CAN/CVE mean in this discussion? > : > The CNA/CVE abstraction from day one made sense. Historically, it was > the > board voting on if an issue warranted a CVE assignment. It was a > CANdidate > until the board voted, or MITRE made an execute decision. The > MITRE/CVE > site actually showed those votes for a decade. > > If there were two schemes, for vuln in software (i.e. the context and > purpose of CVE), for a *decade*... > > How can you possibly ask what CAN/CVE means in this discussion? I know why CAN/CVE existed. That reason (early days of defining vulnerabilities, candidates, discussion, voting, ratification as CVE) doesn't match what discussing today today (service vs. product vulns). That's why I'm asking. I too am interested in other opinions on 1. tracking service vulns at all and 2. using a new scheme or not. I'm mildly against using a number-space carve-out, seems like this could change frequently enough to cause trouble. DWF==CVE, so DWF in 7 digits isn't quite the same issue. - Art
- Follow-Ups:
- Re: CVE for hosted services
- From: Kurt Seifried <kurt@seifried.org>
- Re: CVE for hosted services
- References:
- CVE for hosted services
- From: "Andy Balinsky (balinsky)" <balinsky@cisco.com>
- Re: CVE for hosted services
- From: "Landfield, Kent B" <kent.b.landfield@intel.com>
- Re: CVE for hosted services
- From: "Andy Balinsky (balinsky)" <balinsky@cisco.com>
- Re: CVE for hosted services
- From: Art Manion <amanion@cert.org>
- Re: CVE for hosted services
- From: Kurt Seifried <kseifried@redhat.com>
- Re: CVE for hosted services
- From: Art Manion <amanion@cert.org>
- Re: CVE for hosted services
- From: Pascal Meunier <pmeunier@cerias.purdue.edu>
- Re: CVE for hosted services
- From: jericho <jericho@attrition.org>
- Re: CVE for hosted services
- From: Art Manion <amanion@cert.org>
- RE: CVE for hosted services
- From: "Booth, Harold (Fed)" <harold.booth@nist.gov>
- RE: CVE for hosted services
- From: jericho <jericho@attrition.org>
- Re: CVE for hosted services
- From: Art Manion <amanion@cert.org>
- RE: CVE for hosted services
- From: "Coffin, Chris" <ccoffin@mitre.org>
- RE: CVE for hosted services
- From: jericho <jericho@attrition.org>
- Re: CVE for hosted services
- From: Art Manion <amanion@cert.org>
- Re: CVE for hosted services
- From: jericho <jericho@attrition.org>
- CVE for hosted services
- Prev by Date: Re: CVE for hosted services
- Next by Date: Re: CVE for hosted services
- Previous by thread: Re: CVE for hosted services
- Next by thread: Re: CVE for hosted services
- Index(es):