|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [CVEPRI] Increasing numbers and timeliness of candidates
> People will reserve candidates only if the CVE is perceived as a > timely point of reference and having a CVE number in initial > references is desirable. I agree and this is where getting a critical mass of vendor involvement higher up the food chain is essential. Red Hat is a good example as we have to deal with issues in hundreds of third party packages. We can never expect that every open source package author is going to know about or understand CVE, or even that the issue reporter will. So it's up to us and companies in the same position to do the advocacy. Since getting involved in CVE I've been trying to reserve candidates that affect Linux vendors well in advance of issues becoming public and distributing the names to the original reporter, other affected vendors, in a number of initial annoucements from reporters. Get a few more big vendors on board, get CERT reserving names for everything they talk to us and other vendors about, and raise the profile a bit on bugtraq and then CVE will be more timely and relevant. Cheers, Mark -- Mark J Cox / Red Hat / OpenSSL / Apache Software Foundation mjc@redhat.com // T: +44 798 061 3110 // F: +44 870 1319174
|
||||
