|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE program priorities
- To: "Boyle, Stephen V." <sboyle@mitre.org>
- Subject: Re: CVE program priorities
- From: Kurt Seifried <kseifried@redhat.com>
- Date: Tue, 22 Dec 2015 14:27:03 -0700
- Authentication-Results: spf=none (sender IP is 129.83.29.3)smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (messagenot signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=noneheader.from=redhat.com;
- CC: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivery-Date: Tue Dec 22 18:59:49 2015
- In-Reply-To: <CY1PR09MB08737CFD357C164D487A3385C7E50@CY1PR09MB0873.namprd09.prod.outlook.com>
- List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CY1PR09MB0873A71369CCDDE1AF00AB26C7E50@CY1PR09MB0873.namprd09.prod.outlook.com> <CANO=Ty1axNHQDwZwBQdB=1FZp3bxiBAH=xbErV_StFnLyaykOQ@mail.gmail.com> <CY1PR09MB08737CFD357C164D487A3385C7E50@CY1PR09MB0873.namprd09.prod.outlook.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- SpamDiagnosticMetadata: 43da9c421be74aed97248473db21fd15
- SpamDiagnosticOutput: 1:2
On Tue, Dec 22, 2015 at 1:46 PM, Boyle, Stephen V. <sboyle@mitre.org> wrote:
Hi Kurt,
Kurt wrote:
> What is the purpose of CVE?
Excellent question.
The short answer is that having a comprehensive official list of all assigned CVEs is a “must-have,” otherwise security product vendors and other “CVE integrators” wouldn’t be able to effectively find all assigned CVEs, much less integrate them into their products.
So two comments:
1) when and how do you plan to address the backlog of 11,000+ CVE's currently not in the database? You say this is a "MUST-HAVE" and yet we've lived without it for 10+ years.
2) When do you plan to make the database properly index-able by search engines, it's 2015, usually if you want to share something publicly you let the search engines index it.
--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
- References:
- CVE program priorities
- From: "Boyle, Stephen V." <sboyle@mitre.org>
- Re: CVE program priorities
- From: Kurt Seifried <kseifried@redhat.com>
- RE: CVE program priorities
- From: "Boyle, Stephen V." <sboyle@mitre.org>
- CVE program priorities
- Prev by Date: Re: CVE program priorities
- Next by Date: Re: CVE program priorities
- Prev by thread: RE: CVE program priorities
- Next by thread: Re: CVE program priorities
- Index(es):