
Re: what text is being sent to researchers re: OSS assignments?



Couple points of reference....

https://cve.mitre.org/cve/data_sources_product_coverage.html#products
https://cve.mitre.org/cve/cna.html

---
Kent Landfield
+1.817.637.8026

On 12/19/16, 8:13 AM, "owner-cve-editorial-board-list@lists.mitre.org on behalf of Landfield, Kent B" <owner-cve-editorial-board-list@lists.mitre.org on behalf of kent.b.landfield@intel.com> wrote:

    Can we please post this to the appropriate place? If you have an
    issue with this decision that the Board actively discussed, please
    ask the question there. There is no reason to cross-post every
    message to both lists. This was a swim lane issue discussed by the
    Board and also discussed at the face-to-face meeting we had in
    Rockville, MD in November.
    
    ---
    Kent Landfield
    +1.817.637.8026
    
    On 12/18/16, 8:44 PM, "owner-cve-cna-list@lists.mitre.org on behalf of jericho" <owner-cve-cna-list@lists.mitre.org on behalf of jericho@attrition.org> wrote:
    
        Reference:
        
        https://www.stevencampbell.info/2016/12/my-first-cve-2016-1000329-in-blogphp/
        
            I submitted my CVE request through Mitre who notified me
            that open source software CVE requests are now processed
            via the Distributed Weakness Filing before being sent to
            Mitre for inclusion in their database.
        
        This creates an obvious disconnect and potentially duplicate
        assignments and confusion, if researchers are being told to go
        to DWF for *all* OSS assignments. For example, Apache is a CNA
        and has many OSS projects, but vulnerabilities in their software
        should go to them, not DWF. Could MITRE share the text that is
        being sent out currently?
        
        .b
        
    
    


Page Last Updated or Reviewed: December 19, 2016