|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: upcoming intel issue
- To: Kurt Seifried <kurt@seifried.org>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Subject: Re: upcoming intel issue
- From: "Landfield, Kent" <Kent_Landfield@McAfee.com>
- Date: Wed, 3 Jan 2018 20:58:37 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is 198.49.146.235) smtp.mailfrom=LISTS.MITRE.ORG; imc.mitre.org; dkim=none (message not signed) header.d=none;imc.mitre.org; dmarc=none action=none header.from=McAfee.com;
- Delivery-date: Wed Jan 3 16:33:36 2018
- In-reply-to: <CABqVa3-+RnbeTMamFGSXJ8s+7E=Q+PkMDPUYmtdjjey3DZpC0g@mail.gmail.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CABqVa3-+RnbeTMamFGSXJ8s+7E=Q+PkMDPUYmtdjjey3DZpC0g@mail.gmail.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
- Spamdiagnosticoutput: 1:2
- Thread-index: AQHThM2pq0z1/i3t70OFG095zEiIwaNiPQ4A
- Thread-topic: upcoming intel issue
|
They are being done by Intel. Publishing pending shortly. On your second question, you have hit one of my sore points… I am a vendor, Intel is a vendor, RedHat is a vendor. I do not want ANYONE creating CVEs for my company’s
issues except my PSIRT team. Vendors need to be given the first opportunity and only if they officially have stated they are not going to issue an appropriate CVE in a clear and precise way, should anyone ever get in the way of their alerting their customers
through an established advisory process. There is NO first-come-first-served with an authorized CVE CNAs. Period. Thank you, Gracias, Grazie, 谢谢, Merci!, Спасибо!, Danke!, ありがとう, धन्यवाद! -- Kent Landfield +1.817.637.8026 kent_landfield@mcafee.com From: <owner-cve-editorial-board-list@lists.mitre.org> on behalf of Kurt Seifried <kurt@seifried.org> So the thing that's in the news, assuming it has CVEs, can we make sure they are populated to the CVE database asap, and if Intel does not do we have a plan B (e.g. MITRE writes them up?).
Also in general I think we should probably figure out some guidelines for these high visibility issues, e.g. encourage the original CNA to get them into the database asap, and have a plan B in case they don't (e.g. MITRE or someone else
with info writes them up? first come first served? trusted parties only? or?). -- Kurt Seifried |
- Follow-Ups:
- Re: upcoming intel issue
- From: jericho <jericho@attrition.org>
- Re: upcoming intel issue
- References:
- upcoming intel issue
- From: Kurt Seifried <kurt@seifried.org>
- upcoming intel issue
- Prev by Date: upcoming intel issue
- Next by Date: Re: upcoming intel issue
- Previous by thread: upcoming intel issue
- Next by thread: Re: upcoming intel issue
- Index(es):