[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVE's for private/"Secret" issues
- To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Subject: CVE's for private/"Secret" issues
- From: Kurt Seifried <kseifried@redhat.com>
- Date: Thu, 19 Nov 2015 10:11:46 -0700
- Authentication-Results: spf=none (sender IP is 129.83.29.2)smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (messagenot signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=noneheader.from=redhat.com;
- Delivery-Date: Fri Nov 20 09:40:28 2015
- List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- SpamDiagnosticMetadata: 43da9c421be74aed97248473db21fd15
- SpamDiagnosticOutput: 1:2
Hey I was just reading
TL;DR: another firm that acquires 0 day vulns, the news being they published their price chart.
There are now several firms like this (TIppingPoint, ImmunityInc, etc.) and I was wondering what, if any, process there is with respect to CVE assignments, my experience is that the sooner a CVE is assigned the better, ideally prior to public release if possible. Has Mitre reached out to these companies at all to help them understand the value of getting CVE's in advance and so on?
--
--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
- Follow-Ups:
- Re: CVE's for private/"Secret" issues
- From: jericho <jericho@attrition.org>
- RE: CVE's for private/"Secret" issues
- From: Mike Prosser <mprosser@symantec.com>
- Re: CVE's for private/"Secret" issues
- Prev by Date: RE: on the topic of CNA assignments... (was Re: Please welcome Kurt Seifried to the CVE Editorial Board)
- Next by Date: Re: CVE's for private/"Secret" issues
- Prev by thread: RE: on the topic of CNA assignments... (was Re: Please welcome Kurt Seifried to the CVE Editorial Board)
- Next by thread: Re: CVE's for private/"Secret" issues
- Index(es):
