[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CNA requirements

On Tue, 17 May 2016, Waltermire, David A. (Fed) wrote:

: IMHO, I believe we need to address this in a way that supports a 
: non-hierarchical, graph of communications between CNAs. This models 
: happens in the real world. It should be possible for any CNA to find 
: other CNA, get their contact info, and then reach out to them to 
: coordinate on a CVE assignment. Relying on parent CNAs does not make 
: this work.

Absolutely spot on, and should have happened years ago.

That said, consider that MITRE has gone dark for months at a time while 
trying to coordinate disclosures. Why expect CNAs act a certain way, 
the mothership does not?

Page Last Updated or Reviewed: June 01, 2016