
Re: what text is being sent to researchers re: OSS assignments?



Can we please post this to the appropriate place? If you have an issue
with this decision that the Board actively discussed, please ask the
question there.  There is no reason to cross-post every message to both
lists.  This was a swim lane issue discussed by the Board and also
discussed at the face-to-face meeting we had in Rockville, MD in
November.

---
Kent Landfield
+1.817.637.8026

On 12/18/16, 8:44 PM, "owner-cve-cna-list@lists.mitre.org on behalf of jericho" <owner-cve-cna-list@lists.mitre.org on behalf of jericho@attrition.org> wrote:

    Reference:

    https://www.stevencampbell.info/2016/12/my-first-cve-2016-1000329-in-blogphp/

        I submitted my CVE request through Mitre who notified me that open
        source software CVE requests are now processed via the Distributed
        Weakness Filing before being sent to Mitre for inclusion in their
        database.

    This creates an obvious disconnect and potentially duplicate assignments
    and confusion, if researchers are being told to go to DWF for *all* OSS
    assignments. For example, Apache is a CNA and has many OSS projects, but
    vulnerabilities in their software should go to them, not DWF. Could MITRE
    share the text that is being sent out currently?

    .b
    


Page Last Updated or Reviewed: December 19, 2016