|
|
Please list any of their products where they have published an advisory in the past.
-- Kent Landfield +1.817.637.8026 kent_landfield@mcafee.com From: "Coffin, Chris" <ccoffin@mitre.org> Kent, I apologize if there was any confusion or misunderstanding around this topic. In this case, BAH was interested and was willing to participate in the program as a CNA for their own products. They are also willing to fill the gaps where other CNAs do not provide coverage. Our understanding
from the discussion was that this CNA falls into the category of a large and established organization that should be part of the CVE program, especially if they are reaching out to us to participate. It was the smaller research organizations that were the
issue, right? If we run into any significant scope concerns with any of our CNAs, we can definitely address those when they appear. The concerns regarding the addition of new CNAs to the program were noted and we will put
a hold on any outreach activities temporarily. As we discussed, we will focus on building the base, i.e., identifying and developing Root CNAs. We can continue this discussion in the next Strategic Planning WG call and list.
Regards, Chris From: Landfield, Kent [mailto:Kent_Landfield@McAfee.com]
Why do we have Board calls if what is discussed on the calls are just ignored? I personally feel there were serious issues discussed with these types of CNAs but yet here we are with the
Board comments totally ignored and the focus of the discussion now a CNA? We specifically discussed BAH and multiple Board Members had issues.
I personally do NOT want a slew of beltway bandits lining up with “me-too” requests. This type of CNA is NOT helpful to CVE, as discussed on the Board call. But that’s ok, no one will listen yet again to the thoughts and comments of Board members. From: <owner-cve-editorial-board-list@lists.mitre.org> on behalf of "Adinolfi, Daniel R" <dadinolfi@mitre.org> Greetings, Booz Allen Hamilton is now a CNA. Their scope is all Booz Allen Hamilton products as well as vulnerabilities in third-party software discovered by Booz Allen Hamilton that are not covered by another
CNA. Note, though we discussed the concerns related to too many new CNAs being on-boarded during last week's Board meeting, BAH was in the queue and had requested their participation many weeks ago. Their public contact point is
CVE@bah.com. Thanks. -Dan _________________________ Daniel Adinolfi, CISSP Lead Cybersecurity Engineer, The MITRE Corporation CVE Numbering Authority (CNA) Coordinator Email: <dadinolfi@mitre.org> Phone: 781-271-5774 |