|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CVE For Services
- To: Art Manion <amanion@cert.org>, "Millar, Thomas" <Thomas.Millar@hq.dhs.gov>, "Andy Balinsky (balinsky)" <balinsky@cisco.com>, "kseifried@redhat.com" <kseifried@redhat.com>
- Subject: RE: CVE For Services
- From: Beverly Finch <beverlyfinch@lenovo.com>
- Date: Wed, 6 Sep 2017 14:33:24 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=fail action=none header.from=lenovo.com;
- Cc: cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
- Delivery-date: Wed Sep 6 10:57:23 2017
- In-reply-to: <c2eba838-ec29-5072-a0f2-6ff23ea2a4dd@cert.org>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <164102EE-4473-42F6-A563-05DE00A50523@cisco.com> <55cf7646-6c2f-14ab-088d-e727afa0cba7@redhat.com> <2CC93EDD-F1E9-4DFD-A196-7885A9CEB92E@cisco.com> <7748E4BAEC3B964387F3535351DCBA1F01153D8709@D2ASEPREA010> <c2eba838-ec29-5072-a0f2-6ff23ea2a4dd@cert.org>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
- Spamdiagnosticoutput: 1:2
- Thread-index: AQHTJryNBc/EEwip20OumxD/xTMPs6KnqZeAgAClHACAAAMfAIAABN6A//+V9QA=
- Thread-topic: CVE For Services
Can someone give a few examples of a service vulnerability? Regards, Beverly M Finch, PMP PSIRT Program Manager Product Security Office 7001 Development Drive Office 3N-C1 Morrisville, NC 27560 +1 919 294 5873 beverlyfinch@lenovo.com Lenovo.com Twitter | Facebook | Instagram | Blogs | Forums -----Original Message----- From: owner-cve-editorial-board-list@lists.mitre.org [mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of Art Manion Sent: Wednesday, September 6, 2017 9:53 AM To: Millar, Thomas; Andy Balinsky (balinsky); kseifried@redhat.com Cc: cve-editorial-board-list Subject: Re: CVE For Services On 2017-09-06 09:35, Millar, Thomas wrote: > 4. Plus whatever we said 6 months ago; I'm in transit so the archives > are not readily accessible My recollection, human memory being what it is, was that it would be permissible to assign CVE IDs to service vulnerabilities, but that we didn't expect anything near comprehensive coverage, for reasons in this thread and others. Also we didn't expect CVE or other CNAs to make a concerted effort to track service vulnerabilities (although, we didn't finish the bug bounty provider discussion). About the legality of testing services: While interesting, not directly CVE's problem. Confirmation/evidence collection of service vulnerabilities will be much harder. - Art
- Follow-Ups:
- Re: CVE For Services
- From: Kurt Seifried <kseifried@redhat.com>
- Re: CVE For Services
- References:
- CVE For Services
- From: "Andy Balinsky (balinsky)" <balinsky@cisco.com>
- Re: CVE For Services
- From: "kseifried@redhat.com" <kseifried@redhat.com>
- Re: CVE For Services
- From: "Andy Balinsky (balinsky)" <balinsky@cisco.com>
- RE: CVE For Services
- From: "Millar, Thomas" <Thomas.Millar@hq.dhs.gov>
- Re: CVE For Services
- From: Art Manion <amanion@cert.org>
- CVE For Services
- Prev by Date: RE: CVE For Services
- Next by Date: Re: CVE For Services
- Previous by thread: Re: CVE For Services
- Next by thread: Re: CVE For Services
- Index(es):