[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Regarding CVE assignments on oss-sec mailing list



> 1. MITRE either accept assignment requests with deadlines, or that it removes 
> itself from the critical path, designating CNAs and referring all such 
> requests to CNAs that can handle deadlines.

Fixing the CNA process as well is something I'd like to put on the table 
as it's a requirement for this.  Apache, for example, currently 
piggy-back/steal from the Red Hat CNA pool weekly.  Although meeting the 
requirements of being their own CNA, the request for such has been ignored 
(since Sept).

Mark


Page Last Updated or Reviewed: November 29, 2015