[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: upcoming intel issue

To: Kurt Seifried <kurt@seifried.org>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Re: upcoming intel issue
From: "Landfield, Kent" <Kent_Landfield@McAfee.com>
Date: Wed, 3 Jan 2018 20:58:37 +0000
Accept-language: en-US
Authentication-results: spf=none (sender IP is 198.49.146.235) smtp.mailfrom=LISTS.MITRE.ORG; imc.mitre.org; dkim=none (message not signed) header.d=none;imc.mitre.org; dmarc=none action=none header.from=McAfee.com;
Delivery-date: Wed Jan 3 16:33:36 2018
In-reply-to: <CABqVa3-+RnbeTMamFGSXJ8s+7E=Q+PkMDPUYmtdjjey3DZpC0g@mail.gmail.com>
List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
References: <CABqVa3-+RnbeTMamFGSXJ8s+7E=Q+PkMDPUYmtdjjey3DZpC0g@mail.gmail.com>
Sender: <owner-cve-editorial-board-list@lists.mitre.org>
Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
Spamdiagnosticoutput: 1:2
Thread-index: AQHThM2pq0z1/i3t70OFG095zEiIwaNiPQ4A
Thread-topic: upcoming intel issue

They are being done by Intel. Publishing pending shortly.

On your second question, you have hit one of my sore points… I am a vendor, Intel is a vendor, RedHat is a vendor. I do not want ANYONE creating CVEs for my company’s issues except my PSIRT team. Vendors need to be given the first opportunity and only if they officially have stated they are not going to issue an appropriate CVE in a clear and precise way, should anyone ever get in the way of their alerting their customers through an established advisory process. There is NO first-come-first-served with an authorized CVE CNAs. Period.

Thank you, Gracias, Grazie, 谢谢, Merci!, Спасибо!, Danke!, ありがとう, धन्यवाद!

Kent Landfield

+1.817.637.8026

kent_landfield@mcafee.com

From: <owner-cve-editorial-board-list@lists.mitre.org> on behalf of Kurt Seifried <kurt@seifried.org>
Date: Wednesday, January 3, 2018 at 2:01 PM
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: upcoming intel issue

So the thing that's in the news, assuming it has CVEs, can we make sure they are populated to the CVE database asap, and if Intel does not do we have a plan B (e.g. MITRE writes them up?).

Also in general I think we should probably figure out some guidelines for these high visibility issues, e.g. encourage the original CNA to get them into the database asap, and have a plan B in case they don't (e.g. MITRE or someone else with info writes them up? first come first served? trusted parties only? or?).

Kurt Seifried
kurt@seifried.org

Follow-Ups:
- Re: upcoming intel issue
  - From: jericho <jericho@attrition.org>

References:
- upcoming intel issue
  - From: Kurt Seifried <kurt@seifried.org>

Prev by Date: upcoming intel issue
Next by Date: Re: upcoming intel issue
Previous by thread: upcoming intel issue
Next by thread: Re: upcoming intel issue
Index(es):
- Date
- Thread