[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Regarding CVE assignments on oss-sec mailing list

> In the future, we plan to respond quickly to requests like the initial 
> one, asking the requester for the appropriate information needed to 
> assign a CVE ID.  If the Editorial Board members have suggestions on 
> better ways to handle these situations, we would appreciate you input.

Thanks for the background.  In this example just a ping back to the oss 
list saying that it's complex and you're working on it (or having the 
discussion of the complexity with upstream on that list) would have 
helped.  Especially after the 2nd request a month later -- radio silence 
from Mitre looked like no one was paying attention or it was in some 
backlog queue, not that the issue was being actively worked on.

Thanks, Mark

Page Last Updated or Reviewed: December 18, 2015