[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVEs for FinTech

To: Kurt Seifried <kseifried@redhat.com>
Subject: Re: CVEs for FinTech
From: Scott Lawler <scott.lawler@lp3.com>
Date: Sun, 1 May 2016 14:15:19 +0000
Accept-language: en-US
Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=lp3.com;
Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Delivery-date: Mon May 2 07:46:43 2016
In-reply-to: <CANO=Ty2s0dfKNTvg-cwes-BsWNdwDvXW9ZvrXd7iX-u88LWooA@mail.gmail.com>
List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
References: <CANO=Ty2s0dfKNTvg-cwes-BsWNdwDvXW9ZvrXd7iX-u88LWooA@mail.gmail.com>
Sender: <owner-cve-editorial-board-list@lists.mitre.org>
Spamdiagnosticmetadata: NSPM
Spamdiagnosticmetadata: 43da9c421be74aed97248473db21fd15
Spamdiagnosticoutput: 1:23
Spamdiagnosticoutput: 1:2
Thread-index: AQHRo2My+0BIJQwtdEW+Dg0ZmryxTZ+kIQKk
Thread-topic: CVEs for FinTech

I do. I'll reach out to them to find the right person to talk to.

Something to think about is whether or not CVE should be tracking vuls is systems-of-systems (like SWIFT) or do we stay at the lower level of operating systems, application software, etc.

There are thousands of larger systems made up of an infinite set of vulnerable sub components--with common vuls.

Thoughts?

Scott

On May 1, 2016, at 12:37 AM, Kurt Seifried <kseifried@redhat.com> wrote:

http://www.theregister.co.uk/2016/04/29/bangladesh_swift_mega_hack_analysis/

seems like SWIFT security vulns would be worth CVE, does anyone have contacts at SWIFT they can reach out to?

--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Follow-Ups:
- Re: CVEs for FinTech
  - From: jericho <jericho@attrition.org>
- Re: CVEs for FinTech
  - From: Art Manion <amanion@cert.org>

Next by Date: Re: CVEs for FinTech
Next by thread: Re: CVEs for FinTech
Index(es):
- Date
- Thread