|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New CNA - Booz Allen Hamilton
- To: Beverly Finch <beverlyfinch@lenovo.com>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, "Millar, Thomas" <Thomas.Millar@hq.dhs.gov>, jericho <jericho@attrition.org>, "Coffin, Chris" <ccoffin@mitre.org>
- Subject: Re: New CNA - Booz Allen Hamilton
- From: Art Manion <amanion@cert.org>
- Date: Wed, 8 Nov 2017 10:09:12 -0500
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=fail action=none header.from=cert.org;
- Cc: cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
- Delivery-date: Wed Nov 8 10:45:25 2017
- Dkim-filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu vA8F9OLP009154
- In-reply-to: <63507D25FF3F774F9AA912018147F1DB01086CC236@USMAILMBX01>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <A62F8A57-2B88-4230-A5BC-E7E6AFC7FAE4@mitre.org> <300CD105-1EAB-4F10-B1CA-FBA6368CFE4C@mcafee.com> <MWHPR09MB145642C998709E75B4C487C9A1500@MWHPR09MB1456.namprd09.prod.outlook.com> <alpine.LNX.2.00.1711061542010.22101@forced.attrition.org> <7748E4BAEC3B964387F3535351DCBA1F0115411261@D2ASEPREA010> <ksqsbvbo4d0khtmqb770dseg.1510021841436@email.android.com> <63507D25FF3F774F9AA912018147F1DB01086CC236@USMAILMBX01>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
- Spamdiagnosticoutput: 1:2
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
On 2017-11-07 08:51, Beverly Finch wrote: > Can we target suppliers like Infineon, Realtek, Sierra Wireless, > Dolby for instance? > We've had vulns published for their products and all were not willing > to request CVE. In the case of Infineon, someone else (US-CERT?) > assigned the CVE. My .02 after reading the thread. I have no immediate problems adding BAH as a CNA. They agree to follow CNA rules, fine. They sure don't seem like a high-priority choice (no history of CVE). Opportunity cost -- yes, there are probably more valuable CNA targets, for example, Beverly's list. But if they asked to be a CNA and will follow CNA rules, no concerns. (Dave) Rapid expansion vs. governance/structure -- I'm OK with the current balance. - Art
- References:
- New CNA - Booz Allen Hamilton
- From: "Adinolfi, Daniel R" <dadinolfi@mitre.org>
- Re: New CNA - Booz Allen Hamilton
- From: "Landfield, Kent" <Kent_Landfield@McAfee.com>
- RE: New CNA - Booz Allen Hamilton
- From: "Coffin, Chris" <ccoffin@mitre.org>
- RE: New CNA - Booz Allen Hamilton
- From: jericho <jericho@attrition.org>
- RE: New CNA - Booz Allen Hamilton
- From: "Millar, Thomas" <Thomas.Millar@hq.dhs.gov>
- RE: New CNA - Booz Allen Hamilton
- From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
- RE: New CNA - Booz Allen Hamilton
- From: Beverly Finch <beverlyfinch@lenovo.com>
- New CNA - Booz Allen Hamilton
- Prev by Date: RE: New CNA - Booz Allen Hamilton
- Next by Date: New CNA - SAP
- Previous by thread: RE: New CNA - Booz Allen Hamilton
- Next by thread: RE: New CNA - Booz Allen Hamilton
- Index(es):