
RE: New CNA - Booz Allen Hamilton



Kent,

 

I am not aware of any at this time and haven’t performed a search. Are you suggesting that we avoid bringing on CNAs who have not published a prior product advisory regarding their own products? Just speculating, but it’s definitely possible that they have some things lined up and that’s the reason that they are now reaching out.

 

Regards,

 

Chris

 

From: Landfield, Kent [mailto:Kent_Landfield@McAfee.com]
Sent: Monday, November 6, 2017 3:51 PM
To: Coffin, Chris <ccoffin@mitre.org>
Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Re: New CNA - Booz Allen Hamilton

 

Please list any of their products where they have published an advisory in the past.

 

-- 

Kent Landfield

+1.817.637.8026

kent_landfield@mcafee.com

 

 

From: "Coffin, Chris" <ccoffin@mitre.org>
Date: Monday, November 6, 2017 at 3:32 PM
To: Kent Landfield <Kent_Landfield@McAfee.com>
Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: RE: New CNA - Booz Allen Hamilton

 

Kent,

 

I apologize if there was any confusion or misunderstanding around this topic.

 

In this case, BAH was interested and was willing to participate in the program as a CNA for their own products. They are also willing to fill the gaps where other CNAs do not provide coverage. Our understanding from the discussion was that this CNA falls into the category of a large and established organization that should be part of the CVE program, especially if they are reaching out to us to participate. It was the smaller research organizations that were the issue, right?

 

If we run into any significant scope concerns with any of our CNAs, we can definitely address those when they appear. The concerns regarding the addition of new CNAs to the program were noted and we will put a hold on any outreach activities temporarily. As we discussed, we will focus on building the base, i.e., identifying and developing Root CNAs. We can continue this discussion in the next Strategic Planning WG call and list.

 

Regards,

 

Chris

 

From: Landfield, Kent [mailto:Kent_Landfield@McAfee.com]
Sent: Monday, November 6, 2017 3:14 PM
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>; Coffin, Chris <ccoffin@mitre.org>
Subject: Re: New CNA - Booz Allen Hamilton

 

Why do we have Board calls if what is discussed on the calls is just ignored? I personally feel there were serious issues discussed with these types of CNAs but yet here we are with the Board comments totally ignored and the focus of the discussion now a CNA? We specifically discussed BAH and multiple Board Members had issues.

 

I personally do NOT want a slew of beltway bandits lining up with “me-too” requests. This type of CNA is NOT helpful to CVE, as discussed on the Board call.

 

But that’s ok, no one will listen yet again to the thoughts and comments of Board members.

 

-- 

Kent Landfield

+1.817.637.8026

kent_landfield@mcafee.com

 

 

From: <owner-cve-editorial-board-list@lists.mitre.org> on behalf of "Adinolfi, Daniel R" <dadinolfi@mitre.org>
Date: Monday, November 6, 2017 at 1:13 PM
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: New CNA - Booz Allen Hamilton

 

Greetings,

 

Booz Allen Hamilton is now a CNA. Their scope is all Booz Allen Hamilton products as well as vulnerabilities in third-party software discovered by Booz Allen Hamilton that are not covered by another CNA.

 

Note, though we discussed the concerns related to too many new CNAs being on-boarded during last week's Board meeting, BAH was in the queue and had requested their participation many weeks ago.

 

Their public contact point is CVE@bah.com.

 

Thanks.

 

-Dan

_________________________

Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Numbering Authority (CNA) Coordinator

Email: <dadinolfi@mitre.org>  Phone: 781-271-5774

 

 

 


Page Last Updated or Reviewed: November 07, 2017