[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Test set of CVE IDs





On Fri, Jan 6, 2017 at 6:43 AM, Adinolfi, Daniel R <dadinolfi@mitre.org> wrote:

Folks,

 

During our last Board meeting, there was a discussion of the feasibility of creating a set of test CVE ID to use when developing new software or testing processes.

 

Such a set of data was made available when the CVE ID Syntax change occurred, and we provided this:

 

<https://cve.mitre.org/cve/identifiers/tech-guidance.html#test_data>

 

If this test data is not sufficient, what requirements are missing? What are the more specific use cases for "test CVE IDs" that you would like to accomplish?


These are all from year 2014, also only 28 of them, I'm thinking more cases where I run the scripts/system/whatever to convert a bunch of data into CVEs, and grind it through my whole system (once I have one) using a set of CVE #'s which I can hardcode the final presentation systems/etc to ignore (e.g. for the sake of argument CVE-YEAR-98765****). This isn't a needed use case really yet, but long term with automation I'm wondering how we do as close to live testing as possible (hence the request).

 

 

Thanks.

 

-Dan




--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: January 10, 2017