[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: assignments for malware

On 2018-08-14 17:37, Millar, Thomas wrote:
> Are people going to find out about and fix these issues in their 
> environment without a CVE? In other words, will a malware indicator 
> do the job? If so, then it doesn’t need to be in scope.

Arguing mostly against myself, a CVE ID may well raise attention, which 
is desirable.

The problem is opening the scope of CVE too widely.  Maybe an 
"exposure" is that I thought some software was legit, but turns out it 
was not?  As opposed to something that is clearly malware from the 
start?

We have a lot of malware to assign CVE IDs to.

 - Art
Page Last Updated or Reviewed: August 17, 2018