[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Initial Guidance on Linux Issues



Hi,

From Cisco perspective we would like to see CVEs assigned to all distributions.
Status: O

And I mean all :)  The four listed here are good start but we use all sorts
of stuff as you can imagine.

I would venture further that other large vendors are in a similar position
like us - with probable exception of Microsoft :)

Gaus



On Fri, May 18, 2012 at 02:03:50AM +0000, Carsten Eiram wrote:
> > -----Original Message-----
> > From: owner-cve-editorial-board-list@lists.mitre.org [mailto:owner-cve-
> > editorial-board-list@lists.mitre.org] On Behalf Of Mann, Dave
> > Sent: 17. maj 2012 16:37
> > To: Art Manion; Mark J Cox
> > Cc: cve-editorial-board-list
> > Subject: RE: Initial Guidance on Linux Issues
> > 
> > 
> > FUNDING IS NOT THE ISSUE - I really, really, really want to keep funding
> > levels out of this discussion as much as possible and keep this focused on
> > prioritization and relevance. We've asked if it is required to give full
> > coverage for all vulnerabilities disclosed in the following 4 Linux distros:
> > Debian, Red Hat, Attachmate: SUSE and Ubuntu (Linux).  Mark has argued
> > that for Red Hat, the answer is yes.  What about the other three?
> 
> >From our customers' perspective, there is a definite preference for having full CVE coverage for the following in prioritised order:
> * Red Hat (specifically RHEL Server - our customers have limited interest in e.g. the desktop solutions and Fedora. A full coverage focus could, therefore, be on RHELS only).
> * SUSE (both SLES and openSUSE - interest for e.g. SLED is limited)
> * Debian
> * Ubuntu
> 

==============
Damir Rajnovic <psirt@cisco.com>, PSIRT Incident Manager, Cisco Systems
<http://www.cisco.com/go/psirt>      Telephone: +44 7715 546 033
200 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GB, GB
==============
There are no insolvable problems. 
The question is can you accept the solution? 


Incident Response and Product Security
http://www.ciscopress.com/bookstore/product.asp?isbn=1587052644


- - - -
Cisco.com - http://www.cisco.com/global/UK

This e-mail may contain confidential and privileged material for the sole 
use of the intended recipient. Any review, use, distribution or disclosure by 
others is strictly prohibited. If you are not the intended recipient (or 
authorized to receive for the recipient), please contact the sender by reply 
e-mail and delete all copies of this message.

Cisco Systems Limited (Company Number: 02558939), is registered in England 
and Wales with its registered office at 1 Callaghan Square, Cardiff, 
South Glamorgan CF10 5BT

For corporate legal information go to:
http://www.cisco.com/web/about/doing_business/legal/cri/index.html


Page Last Updated or Reviewed: November 06, 2012