[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Problematic assignments for subpar reports via CVE request form
- To: jericho <jericho@attrition.org>, Kurt Seifried <kseifried@redhat.com>
- Subject: Re: Problematic assignments for subpar reports via CVE request form
- From: "Landfield, Kent" <Kent_Landfield@McAfee.com>
- Date: Mon, 23 Oct 2017 17:38:35 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=McAfee.com;
- Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivery-date: Mon Oct 23 13:54:51 2017
- In-reply-to: <alpine.LNX.2.00.1710231230270.21035@forced.attrition.org>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CACph5NWoe1C7G0suzRH-Xc4HREUO+x4k88WNuuK1KZg1VRNwyg@mail.gmail.com> <3c7155a4-16b3-7ce7-1020-2686e3e81712@cert.org> <CANO=Ty0DiaGyP1LB4OgMLbys4dcC1w0ZCvNW5H6DL6PWnTBmWw@mail.gmail.com> <alpine.LNX.2.00.1710231230270.21035@forced.attrition.org>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
- Spamdiagnosticoutput: 1:2
- Thread-index: AQHTS9cOmrfVPIprXUe1fAl/3Ql/46LxpoqAgAAJAICAAAKrAIAAAZ2A
- Thread-topic: Problematic assignments for subpar reports via CVE request form
Agreed.
--
Kent Landfield
+1.817.637.8026
kent_landfield@mcafee.com
On 10/23/17, 12:35 PM, "owner-cve-editorial-board-list@lists.mitre.org
on behalf of jericho" <owner-cve-editorial-board-list@lists.mitre.org
on behalf of jericho@attrition.org> wrote:
On Mon, 23 Oct 2017, Kurt Seifried wrote:
: ask for even more detail/proof. I would only go to the ban phase
if they
: are flooding in requests that are still of poor quality despite
being
: told they need to do better quality requests, I would suggest we
adopt
: this, it's somewhat subjective, but relatively simple:
He is flooding in requests that are still of poor quality.
He has been told his reports are difficult to process. He was asked
to
include his crashing PoCs, he still does not. He deleted the public
issue
in which I asked him to do so. He shut down the issue tracker on
the
GitHub repo so we cannot raise issues with his reports.
To me, that meets the bar for a temporary ban until he better
appreciates
that his reports are lacking serious detail and contain numerous
duplicates.
Brian
- References:
- Problematic assignments for subpar reports via CVE request form
- From: Carsten Eiram <che@riskbasedsecurity.com>
- Re: Problematic assignments for subpar reports via CVE request form
- From: Art Manion <amanion@cert.org>
- Re: Problematic assignments for subpar reports via CVE request form
- From: Kurt Seifried <kseifried@redhat.com>
- Re: Problematic assignments for subpar reports via CVE request form
- From: jericho <jericho@attrition.org>
- Problematic assignments for subpar reports via CVE request form
- Prev by Date: Re: Problematic assignments for subpar reports via CVE request form
- Next by Date: Re: Problematic assignments for subpar reports via CVE request form
- Previous by thread: Re: Problematic assignments for subpar reports via CVE request form
- Next by thread: Re: Problematic assignments for subpar reports via CVE request form
- Index(es):
