Re: Sources: Full and Partial Coverage

To: "Mann, Dave" <damann@mitre.org>
Subject: Re: Sources: Full and Partial Coverage
From: Art Manion <amanion@cert.org>
Date: Thu, 17 May 2012 09:17:30 -0400
CC: cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
Delivery-Date: Thu May 17 09:19:40 2012
In-Reply-To: <2F43C4D2BE8AD24C8AC17D8C64B379B316E94C@IMCMBX01.MITRE.ORG>
List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
OpenPGP: id=36C268A3
References: <2F43C4D2BE8AD24C8AC17D8C64B379B316BE3E@IMCMBX01.MITRE.ORG> <ED311CBEE6993C428563DEDF6D083BC83E4ABFE7@usilms113b.ca.com> <alpine.LNX.2.00.1205091307280.10340@forced.attrition.org> <2F43C4D2BE8AD24C8AC17D8C64B379B316E94C@IMCMBX01.MITRE.ORG>
Sender: <owner-cve-editorial-board-list@LISTS.MITRE.ORG>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0) Gecko/20120327 Thunderbird/11.0.1

On 2012-05-10 15:50 , Mann, Dave wrote:

> THE PRIMARY QUESTIONS WE'RE SEEKING GUIDANCE ON ARE:
> A) SHOULD ANY OF OUR SUGGESTED PARTIALLY COVERED SOURCES BE PROMOTED BACK TO FULLY COVERED STATUS?
> B) ARE THERE ANY OTHER SOURCES YOU BELIEVE SHOULD BE FULLY COVERED?

> SHOULD BE FULLY COVERED
> -----------------------

> US-CERT: Technical Cyber Security Alerts

These at the moment are often *not* providing any "OC" vulnerability
information.  Even if an Alert is a first public disclosure, the issue
will be covered by a Vulnerability Note (see below).  Suggest moving
this to "selective."

> SHOULD BE MONITORED BUT SELECTIVELY COVERED (being demoted)
> -------------------------------------------

> US-CERT: Vulnerability Notes [1]

Move this to "full."  Lots of these are first public disclosures, often
with CVE IDs from our CNA reserved pool.

 - Art

References:
- Sources: Full and Partial Coverage
  - From: "Mann, Dave" <damann@mitre.org>
- RE: Sources: Full and Partial Coverage
  - From: "Williams, James K" <James.Williams@ca.com>
- RE: Sources: Full and Partial Coverage
  - From: security curmudgeon <jericho@attrition.org>
- RE: Sources: Full and Partial Coverage
  - From: "Mann, Dave" <damann@mitre.org>

Prev by Date: Re: Initial Guidance on Linux Issues
Next by Date: Re: Sources: Full and Partial Coverage
Prev by thread: Re: Sources: Full and Partial Coverage
Next by thread: Initial Guidance on Linux Issues
Index(es):
- Date
- Thread

Page Last Updated: November 06, 2012

Common Vulnerabilities and Exposures

Re: Sources: Full and Partial Coverage