[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures



The paper is in review internally.

Steve

-----Original Message-----
From: jericho [mailto:jericho@attrition.org] 
Sent: Wednesday, September 02, 2015 12:43 AM
To: Boyle, Stephen V. <sboyle@mitre.org>
Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Re: Interim position on assigning CVEs for automated testing and other large-scale vulnerability disclosures
Importance: High



On Thu, 9 Apr 2015, Boyle, Stephen V. wrote:

: In the past, CVE has occasionally been requested to assign CVE-IDs for 
: submissions based on the results of automated testing or similar methods 
: that can produce a large number of findings. We will refer to these as 
: "large-scale requests."  We have traditionally handled such requests on 
: a case-by-case basis, but with the increasing use of automated testing 
: tools and similar methods, we believe that large-scale requests for 
: CVE-IDs will become more frequent.

: Steve Christey Coley is preparing a paper on this topic, but we wanted 
: to provide the Board with an interim statement to help clarify our 
: position and our planned response to large-scale CVE requests for the 
: near term.

What is the status of this paper please?


Page Last Updated or Reviewed: September 14, 2015