|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Current and future CVE states
- To: "Landfield, Kent" <Kent_Landfield@mcafee.com>
- Subject: Re: Current and future CVE states
- From: Kurt Seifried <kseifried@redhat.com>
- Date: Thu, 4 May 2017 09:14:03 -0600
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=fail action=none header.from=redhat.com;
- Cc: Art Manion <amanion@cert.org>, Kurt Seifried <kurt@seifried.org>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivery-date: Thu May 4 11:46:51 2017
- In-reply-to: <B8C83588-EEF9-4AB0-B8E8-9247CE85C074@mcafee.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CABqVa3_POGWZecLZE9+DeOu1GPNFxs05T8DgcEKhzoz6Ex9rcA@mail.gmail.com> <165d2dcc-3f53-2f3f-db68-61e3e379934a@cert.org> <B8C83588-EEF9-4AB0-B8E8-9247CE85C074@mcafee.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
I agree in principle but I needed something basic now, and merged to/duplicate of/split from covers, well, basically every case I've seen in several thousand CVEs.
On Wed, May 3, 2017 at 4:20 PM, Landfield, Kent <Kent_Landfield@mcafee.com> wrote:
Yes, Yes, and Yes.... vxref is what we should be using.
--
Kent Landfield
817-637-8026
kent_landfield@mcafee.com
On 5/3/17, 5:12 PM, "owner-cve-editorial-board-list@lists.mitre.org on behalf of Art Manion" <owner-cve-editorial-board-list@lists.mitre.org on behalf of amanion@cert.org> wrote:
On 2017-05-03 15:36, Kurt Seifried wrote:
> DUPLICATE_OF [CVE]
>
> SPLIT_TO [list of CVEs]
>
> MERGED_TO [lCVE]
If we're going to get into relationships between vulnerabilities --
which is related to, but possibly a bit beyond state -- I'd like to
brief the board (or automation group) on vxref, which is a structured
relationship system.
https://github.com/FIRSTdotorg/vrdx-sig-vxref- wip/tree/master/vxref
https://github.com/CERTCC-Vulnerability-Analysis/ Vulnerability-Data-Archive- Tools
Regards,
- Art
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
- References:
- Current and future CVE states
- From: Kurt Seifried <kurt@seifried.org>
- Re: Current and future CVE states
- From: Art Manion <amanion@cert.org>
- Re: Current and future CVE states
- From: "Landfield, Kent" <Kent_Landfield@McAfee.com>
- Current and future CVE states
- Prev by Date: Re: Current and future CVE states
- Next by Date: Notice of Pilot Activity in CVE Auto WG
- Previous by thread: Re: Current and future CVE states
- Next by thread: Re: Current and future CVE states
- Index(es):