Re: An interesting data point

[jericho <jericho@attrition.org>]

On Mon, 4 Dec 2017, Kurt Seifried wrote:

: Sorry I should be more clear: this is current data in the spreadsheet 
: that hasn't yet had CVE's assigned.
: 
: 
https://docs.google.com/spreadsheets/d/1Jq_OpPxS5q8dLYdoWjKmklQG2AH8d9vl_2oKp-eGwA0
: 
: There's also some historical rejects/etc (e.g. stuff that was beyond 
: saving or I never got a reply) in the other tabs of that spreadsheet.

Ok wow, that expands things a bit. So three things based on a quick 
skim:

#1 2017-1000186 doesn't appear to be in there, yet is a DWF assignment. 
Makes me think that your original mail applies to this sheet only. 
Makes 
me wonder what the status codes for prior assignments would look like, 
in 
a summary as you originally provided. That said, this sheet, along with 
the original mail, still doesn't give me the info needed to answer my 
question about 1000186.

#2 Line 211/212, can you assign these ASAP? Hanno reached out to me 
earlier today, frustrated at the time it has taken to get an assignment 
for WolfSSL, as his intended multi-vendor disclosure date looms closer. 
Please respond to him directly.

#3 I get that the sheet makes export and CSV manipulation easy, but 
would 
someone expand the columns to make this more easily readable to humans, 
or 
give me permission so I can do it? =)

.b


: On Mon, Dec 4, 2017 at 10:12 PM, jericho <jericho@attrition.org> 
wrote:
: >
: > On Mon, 4 Dec 2017, Kurt Seifried wrote:
: >
: > : So from the current crop of CVE requests the DWF got:
: > :
: > :  7 BAD:DESCRIPTION
: > :    8 BAD:DESCRIPTION:MISSING:DETAILS
: > :   23 
BAD:DESCRIPTION:MISSING:PRODUCT,BAD:DESCRIPTION:MISSING:VERSION
: > :   19 BAD:DESCRIPTION:MISSING:VERSION
: > :    1 BAD:MULTIPLE_ISSUES
: > :   11 BAD:REF_URL
: > :    1 
BAD:REF_URL,BAD:DESCRIPTION:MISSING:VERSION,BAD:DESCRIPTION:MISSING:PRODUCT
: > :    2 BAD:VULN_TYPE
: > :    1 NEEDINFO
: > :  153 OK
: > :
: > : The status codes are at
: > : 
https://github.com/distributedweaknessfiling/DWF-Documentation/blob/master/DWF-STATUS-ERROR-CODES-for-CVE-requests.md
: > : but should be pretty self evident. The good news is that a lot of 
these
: > : can be fixed without to much work, but I definitely need to 
figure out
: > : how to help people make better requests/write the descriptions 
(or auto
: > : generate them.. I think that's the way to go).
: >
: > Out of curiosity, since the information above doesn't let me figure 
it
: > out, what was the disposition code for CVE-2017-1000186? Curious if 
that
: > was one of the non-OK entries.
: >
: > Brian
: 
: 
: 
: -- 
: 
: Kurt Seifried -- Red Hat -- Product Security -- Cloud
: PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
: Red Hat Product Security contact: secalert@redhat.com
: