[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE scope question

To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: CVE scope question
From: Kurt Seifried <kurt@seifried.org>
Date: Wed, 19 Apr 2017 22:06:08 -0600
Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=seifried.org;
Delivery-date: Thu Apr 20 07:46:03 2017
List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
Sender: <owner-cve-editorial-board-list@lists.mitre.org>
Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
Spamdiagnosticoutput: 1:2

Should we start covering privacy related issues? There seems to be an increasingly common trend of apps/devices phoning home and sending data (or a lot more data then they claim/admit to), I'm sure it's buried somewhere in the fine print for some of these, but you can't really disclaim all security vulnerabilities with some fine print listing every CWE =).

Example: http://www.reuters.com/article/us-bose-lawsuit-idUSKBN17L2BT?il=0

Kurt Seifried
kurt@seifried.org

Prev by Date: Re: Microsoft CNA assignment issues for April
Next by Date: Re: MITRE can now accept CVE ID publication notifications formatted in JSON
Previous by thread: Re: Mozilla improper CVE assignment, does not conform to CNA rules
Next by thread: DWF can go from red to a very dark orange...
Index(es):
- Date
- Thread

Page Last Updated or Reviewed: April 25, 2017

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.