Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation

["Waltermire, David A. (Fed)" <david.waltermire@nist.gov>]

It seems like the CNA/publisher registry might be a good way to support registration of namespaces if they are purely organizational in nature. If they are functional in nature (e.g., represent a model), we will need to come up with something else.

I think in general we need to better understand what we would want to do with this feature to figure out what makes the most sense.

Regards,
Dave

-------- Original Message --------
From: owner-cve-board-auto-list@lists.mitre.org on behalf of Kurt Seifried <kseifried@redhat.com>
Date: Wed, March 14, 2018 6:14 AM +0900
To: Chandan Nandakumaraiah <cbn@juniper.net>
CC: Kurt Seifried <kurt@seifried.org>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>, cve-board-auto-list <cve-board-auto-list@lists.mitre.org>
Subject: Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation

That (and many other reasons) is exactly why I'm going to go talk to them. 

https://github.com/grafeas/grafeas/issues/113

On Tue, Mar 13, 2018 at 2:58 PM, Chandan Nandakumaraiah <cbn@juniper.net> wrote:

On 3/13/18 1:04 PM, Kurt Seifried wrote:
> So I just learned about grafeas (did a podcast with Chris Rosen as
> guest), anyways TL;DR: they are basically doing similar things with JSON
> including something that is very similar to the alias field I proposed:
>
> https://github.com/grafeas/grafeas
...
> So the above is similar in that you have a defined namespace and then
> some value. 

How are they solving the problem of identifying namespaces?
Who creates, assigns or manages namespaces?

Thanks,
-Chandan
--
Security Incident Response Team
Juniper Networks

--

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com