[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Draft CNA document for discussion

I would say for now:

As of May 17, 2016 the DWF does not have the processes and technology to properly handle embargoed issues in place, as such we can only handle public issues. If you need a CVE for an embargoed issue please use the Red Hat CNA (secalert@redhat.com). Please note that the DWF is actively planning to have process and technology to handle embargoed CVE requests. 

On Tue, May 17, 2016 at 8:12 AM, Adinolfi, Daniel R <dadinolfi@mitre.org> wrote:

I have uploaded this DRAFT CNA Information Sharing and Embargo Policies document to GitHub.


The idea is to have each CNA describe when and to whom they will disclose information submitted to the CNA, both internally to the CNA and to the world.

The linked document is a starting point for that and will be part of the bigger CNA framework and documentation effort. (This is one of many documents we'll produce as part of that.) Please consider it a strawman to begin the discussion.


Daniel Adinolfi, CISSP
Lead Cybersecurity Engineer, The MITRE Corporation
J83D - Cyber Security Partnerships, Sharing, and Automation
Email: <dadinolfi@mitre.org>  Phone: 781-271-5774


Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: May 20, 2016