|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Subject: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- From: "Theall, George A" <gtheall@mitre.org>
- Date: Thu, 1 Mar 2018 07:51:11 -0500
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is 198.49.146.235) smtp.mailfrom=LISTS.MITRE.ORG; imc.mitre.org; dkim=none (message not signed) header.d=none;imc.mitre.org; dmarc=none action=none header.from=mitre.org;
- Cc: cve-board-auto-list <cve-board-auto-list@lists.mitre.org>
- Delivery-date: Thu Mar 1 07:53:32 2018
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- Sender: "owner-cve-editorial-board-list@lists.mitre.org" <owner-cve-editorial-board-list@lists.mitre.org>
- Thread-index: AdOxW/wrcf67jZi8SRaj1ItS8Zj/mQ==
- Thread-topic: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
|
To support NVD's participation in the git pilot, MITRE proposes to add one or two attributes to reference objects in the CVE JSON files in the cvelist repo, which will allow NIST to regenerate the CVE List from the repo rather than having
to rely on an older download file (allitems.xml). Specifically, we propose to add the following attributes : - "source", which represents the source of the reference. It will have one of the values listed at
https://cve.mitre.org/data/refs/#sources; eg, "CERT-VN", "CISCO", "CONFIRM", "REDHAT", etc. - "name", which is a string that helps identify the reference among others in the same source; eg, "VU#584653" (for CERT-CC), "20180104 CPU Side-Channel Information Disclosure Vulnerabilities" (for "CISCO") "RHSA-2018:0292" (for "REDHAT"),
etc. Note that, while MITRE uses the reference URL as the name for the "CONFIRM" and "MISC" sources in the CVE List, we plan to omit this attribute for those two sources. If there are objections from anyone on the Board list, please let us know and we will discuss in the next call. Otherwise, we will proceed with the change and implement early next week George -- gtheall@mitre.org The MITRE Corporation |
- Follow-Ups:
- Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- From: Kurt Seifried <kseifried@redhat.com>
- RE: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- From: "Theall, George A" <gtheall@mitre.org>
- Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- Next by Date: Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- Next by thread: Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- Index(es):