[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVEs with no REF URL (or a REF URL that is self referential)
- To: Kurt Seifried <kurt@seifried.org>
- Subject: Re: CVEs with no REF URL (or a REF URL that is self referential)
- From: Art Manion <amanion@cert.org>
- Date: Thu, 5 Oct 2017 09:01:39 -0400
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=cert.org;
- Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivery-date: Thu Oct 5 09:56:02 2017
- Dkim-filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu v95D1gqw028828
- In-reply-to: <CABqVa38enogkmvbNPpMSOfZ9bKD+JLP17Mnc_Sr5RqP55Hg-vA@mail.gmail.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CABqVa3-jbSjdzo9-4aPGyxXRUVWFDt=eaCqw8S6W=fuN3V6vmg@mail.gmail.com> <57dcc502-fda1-8ac3-8347-ed31319c5ccf@cert.org> <CABqVa38enogkmvbNPpMSOfZ9bKD+JLP17Mnc_Sr5RqP55Hg-vA@mail.gmail.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
- Spamdiagnosticoutput: 1:2
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
On 2017-10-04 17:54, Kurt Seifried wrote: > The embargo often is set for a time and the commits/vendor > announcements/etc all take time. Rather then wait and check and > update the CVE entry with the ref URL it would be much easier just to > fire off the CVE that is self contained to the database so there is > something nearly immediately in the database (we're finding this > helps a lot with the higher profile messy issues). Ah OK. I've been operating under the impression that the delay you're talking about was too small to matter, probably hours, less than half a day. I consider same-day CVE ID to be fast enough, maybe < 6 hours for hot issues. - Art
- Follow-Ups:
- Re: CVEs with no REF URL (or a REF URL that is self referential)
- From: "kseifried@redhat.com" <kseifried@redhat.com>
- Re: CVEs with no REF URL (or a REF URL that is self referential)
- References:
- CVEs with no REF URL (or a REF URL that is self referential)
- From: Kurt Seifried <kurt@seifried.org>
- Re: CVEs with no REF URL (or a REF URL that is self referential)
- From: Art Manion <amanion@cert.org>
- Re: CVEs with no REF URL (or a REF URL that is self referential)
- From: Kurt Seifried <kurt@seifried.org>
- CVEs with no REF URL (or a REF URL that is self referential)
- Prev by Date: Re: CVE For Services
- Next by Date: New CNA - Asustor
- Previous by thread: Re: CVEs with no REF URL (or a REF URL that is self referential)
- Next by thread: Re: CVEs with no REF URL (or a REF URL that is self referential)
- Index(es):
