RE: Method to Request CVE IDs from MITRE Changing Soon



Thank you, and we fully agree.  A message communicating the upcoming change was sent to the CNA POCs yesterday shortly after 6:00 ET.  We sent it directly to the CNA POCs, rather than the cve-CNA-list, to avoid confusion, since the cve-CNA-list includes candidate organizations that are not yet fully integrated into the program.  The candidate CNAs will learn about the form as we onboard them.


We also intend to discuss this with Board members at the meeting tomorrow.


The content of the message sent to the CNA POCs is below my signature block.


Thanks again,

Meghan E. Manley

Homeland Security Systems Engineering and Development Institute (HS SEDI)

703-983-4278 (office)

703-674-7081 (cell)





From: CVE ID Requests
Sent: Tuesday, August 23, 2016 5:08 PM (ET)
To: CVE ID Requests <cve-assign@mitre.org>
Subject: Method to Request CVE IDs from MITRE Changing Soon




**********IMPORTANT NOTIFICATION***************




The method to request blocks of CVE IDs from MITRE will change on August 29, 2016. In the new method, CNAs will complete and submit a short, simple web form to request CVE ID blocks from MITRE. The previous practice of requesting blocks via cve-assign@mitre.org email will be discontinued. Beginning August 29, 2016, the form will be available via https://cve.mitre.org/cve/request_id.html.


Learn more at:





--

CVE Assignment Team

M/S M300, 202 Burlington Road, Bedford, MA 01730 USA

[A PGP key is available for encrypted communications at



From: owner-cve-editorial-board-list@lists.mitre.org [mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of Landfield, Kent B
Sent: Wednesday, August 24, 2016 8:52 AM
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: FW: Method to Request CVE IDs from MITRE Changing Soon


Quick question… While I think this is a great step towards better automation, has this new request process been communicated to the CNAs?  I am on the cve-cna-list and I don’t remember seeing this mentioned.  I have been traveling way too much but I do try to keep up…


If I am correct, I’d recommend we not use CVE Announce list for communicating items that, while not directly, have a potential indirect effect on CNAs. I understand this is targeted towards the general community but I would expect we should be letting the front line know so if asked or redirects are needed, they would know the correct way to request a specific CVE directly from MITRE.





Kent Landfield



From: <owner-cve-announce-list@lists.mitre.org> on behalf of "Sain, Joe" <jas@mitre.org>
Date: Tuesday, August 23, 2016 at 5:33 PM
To: cve-announce-list Common Vulnerabilities and Exposures/CVE Annou <cve-announce-list@lists.mitre.org>
Subject: Method to Request CVE IDs from MITRE Changing Soon


Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about Common Vulnerabilities and Exposures (CVE), such as new compatible products, new website features, CVE in the news, etc. right to your email box. CVE is the standard for cyber security vulnerability names. The CVE Board provides oversight and input into CVE’s strategic direction, ensuring CVE meets the vulnerability identification needs of the technology community. CVE Numbering Authorities (CNAs) are major OS vendors, security researchers, and research organizations that assign CVE Identifiers (IDs) to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.


Comments: cve@mitre.org



CVE-Announce e-newsletter/August 23, 2016





1. IMPORTANT NOTICE: Method to Request CVE IDs from MITRE Changing Soon

2. Details/Credits + Subscribing and Unsubscribing





IMPORTANT NOTICE: Method to Request CVE IDs from MITRE Changing Soon


The method to request CVE IDs from MITRE will change on August 29, 2016. Using the new method, CVE ID requestors will complete a “CVE Request” web form when requesting a CVE ID from MITRE. The previous practice of submitting requests via email will be discontinued.


The new web form will make it easier for requestors to know what information to include in their initial request, and will enhance MITRE's ability to respond to those requests in a timely manner. User instructions will be available on the website and on the form itself. Upon completion of the form, the requestor will receive a confirmation message that the request was received and a reference number.


Please send any comments or concerns to cve@mitre.org.




Request a CVE ID -






CVE News page article –




Details/Credits + Subscribing and Unsubscribing


Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge.

The MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of the CVE Program.


To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".


Copyright 2016, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications) at the U.S. Department of Homeland Security (www.dhs.gov).


For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.



Page Last Updated or Reviewed: August 25, 2016