Re: Problematic assignments for subpar reports via CVE request form

To: jericho <jericho@attrition.org>, Kurt Seifried <kseifried@redhat.com>
Subject: Re: Problematic assignments for subpar reports via CVE request form
From: "Landfield, Kent" <Kent_Landfield@McAfee.com>
Date: Mon, 23 Oct 2017 17:38:35 +0000
Accept-language: en-US
Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=McAfee.com;
Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Delivery-date: Mon Oct 23 13:54:51 2017
In-reply-to: <alpine.LNX.2.00.1710231230270.21035@forced.attrition.org>
List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
References: <CACph5NWoe1C7G0suzRH-Xc4HREUO+x4k88WNuuK1KZg1VRNwyg@mail.gmail.com> <3c7155a4-16b3-7ce7-1020-2686e3e81712@cert.org> <CANO=Ty0DiaGyP1LB4OgMLbys4dcC1w0ZCvNW5H6DL6PWnTBmWw@mail.gmail.com> <alpine.LNX.2.00.1710231230270.21035@forced.attrition.org>
Sender: <owner-cve-editorial-board-list@lists.mitre.org>
Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
Spamdiagnosticoutput: 1:2
Thread-index: AQHTS9cOmrfVPIprXUe1fAl/3Ql/46LxpoqAgAAJAICAAAKrAIAAAZ2A
Thread-topic: Problematic assignments for subpar reports via CVE request form

Agreed.

-- 
Kent Landfield
+1.817.637.8026
kent_landfield@mcafee.com
 

On 10/23/17, 12:35 PM, "owner-cve-editorial-board-list@lists.mitre.org 
on behalf of jericho" <owner-cve-editorial-board-list@lists.mitre.org 
on behalf of jericho@attrition.org> wrote:

    On Mon, 23 Oct 2017, Kurt Seifried wrote:
    
    : ask for even more detail/proof. I would only go to the ban phase 
if they 
    : are flooding in requests that are still of poor quality despite 
being 
    : told they need to do better quality requests, I would suggest we 
adopt 
    : this, it's somewhat subjective, but relatively simple:
    
    He is flooding in requests that are still of poor quality.
    
    He has been told his reports are difficult to process. He was asked 
to 
    include his crashing PoCs, he still does not. He deleted the public 
issue 
    in which I asked him to do so. He shut down the issue tracker on 
the 
    GitHub repo so we cannot raise issues with his reports.
    
    To me, that meets the bar for a temporary ban until he better 
appreciates 
    that his reports are lacking serious detail and contain numerous 
    duplicates.
    
    Brian

References:
- Problematic assignments for subpar reports via CVE request form
  - From: Carsten Eiram <che@riskbasedsecurity.com>
- Re: Problematic assignments for subpar reports via CVE request form
  - From: Art Manion <amanion@cert.org>
- Re: Problematic assignments for subpar reports via CVE request form
  - From: Kurt Seifried <kseifried@redhat.com>
- Re: Problematic assignments for subpar reports via CVE request form
  - From: jericho <jericho@attrition.org>

Prev by Date: Re: Problematic assignments for subpar reports via CVE request form
Next by Date: Re: Problematic assignments for subpar reports via CVE request form
Previous by thread: Re: Problematic assignments for subpar reports via CVE request form
Next by thread: Re: Problematic assignments for subpar reports via CVE request form
Index(es):
- Date
- Thread