|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bringing other vendors into the CVE process
- To: cve-review@linus.mitre.org
- Subject: Bringing other vendors into the CVE process
- From: "Steven M. Christey" <coley@linus.mitre.org>
- Date: Thu, 20 May 1999 17:39:14 -0400 (EDT)
All:
Dave and I have been tasked to identify and bring in other security
tool vendors into the CVE process as early as possible, to ensure a
fair playing field (this is related to our requirement for vendor
neutrality). Presently, we've been inviting those security tool
vendors that we've directly met, or through referrals from others. If
you can think of another vendor that you believe should participate,
please let us know.
While we are still trying to define criteria for inviting a vendor, at
the very least, I believe we will need to include vendors who:
- provide security tools that identify vulnerabilities directly
(e.g. scanners) or indirectly (e.g. IDS systems that identify
attempts to exploit vulnerabilities, but not IDSes that only do
integrity checking or session recording)
- are commercial entities
- have some market presence in the U.S.
- have tools that could be obtained by the general public
If you have actual points of contact, so much the better. Below is
the current list.
Thanks,
- Steve
Participating vendors
---------------------
Axent
ISS
NAI
L-3
Netect
Cisco
Invited vendors (no response yet)
---------------------------------
Harris
Security Dynamics
Vendors not yet invited
-----------------------
(For these vendors, we haven't met them or been referred to them, or
they might not fit our definition of "invited vendor.")
NFR
Webtrends
Centrax
- Prev by Date: Re: The nomenclature process in other fields
- Next by Date: Impending CVE candidates for review - next week
- Prev by thread: Re: Proposal: CVE candidate/approved numbering scheme
- Next by thread: Impending CVE candidates for review - next week
- Index(es):