[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Sources: Full and Partial Coverage (CNA increase)



> -----Original Message-----
> From: Art Manion [mailto:amanion@cert.org]
> Sent: 25. juni 2012 20:04
> To: Carsten Eiram
> Cc: 'Mann, Dave'; 'cve-editorial-board-list'
> Subject: Re: Sources: Full and Partial Coverage (CNA increase)
> 
> I have a vague future vision of more qualified and trained CNAs covering
> segments of the public vulnerability disclosure market (JPCERT for Japan, ICS-
> CERT for control systems, Red Hat for Red Hat, etc), with CVE being the CNA
> of last resort, as well as the conflict resolver and CNA grey-bearded guru.  In
> product terms, some CNAs could take responsibility for certain products or
> classes of product.  In source terms, CVE could monitor a set of current VDBs,
> and only put in further effort if something gets missed or there's a conflict.
 
I like that future vision, which should ensure both breadth and depth of coverage.

/Carsten



Page Last Updated or Reviewed: November 06, 2012