|
|
"Steven M. Christey" wrote: > <SNIP> > > 2) It is not publicly known > Just a thought: Do we mean to preclude the CVE from being a forum of initial announcement of a vulnerability? My guess is that most CVE entries would already be well known elsewhere, but what if we have validated information of a previously unknown vulnerability? Of course, we could submit it to bugtraq or ntbugtraq, or whatever, and then enter it. OTOH, if your intent is that we will not have "secret" cve entries, fine, say that. Bill
begin:vcard n:Hill;William tel;work:703-883-6416 x-mozilla-html:TRUE org:The MITRE Corporation adr:;;1820 Dolley Madison Blvd;McLean;VA;22102; version:2.1 email;internet:bill@mitre.org title:INFOSEC Engineer fn:Bill Hill end:vcard
S/MIME Cryptographic Signature