[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE for hosted services
- To: "Andy Balinsky (balinsky)" <balinsky@cisco.com>, "Landfield, Kent B" <kent.b.landfield@intel.com>
- Subject: Re: CVE for hosted services
- From: Art Manion <amanion@cert.org>
- Date: Thu, 16 Feb 2017 08:08:34 -0500
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=cert.org;mitre.org; dkim=none (message not signed) header.d=none;
- Cc: cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
- Delivery-date: Thu Feb 16 09:22:50 2017
- In-reply-to: <8942442A-17E2-4EEB-9943-648F27125AA6@cisco.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <A4305A50-AD19-4025-842E-D89337B8269C@cisco.com> <379DDB8A-F1D2-4E4B-9307-CFBFDB0521F5@intel.com> <8942442A-17E2-4EEB-9943-648F27125AA6@cisco.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
On 2017-02-15 15:00, Andy Balinsky (balinsky) wrote: > I think the main benefit would be to unify discussions about an issue. > If a SaaS vulnerability were disclosed and then academic or online > discussions wanted to refer to the vulnerability with specificity to > disambiguate from some similar vulnerability. That, I suppose is the > only aspect left to debate. I don't know if it is a compelling case > or not. As many on this list know, I'm in favor of any vulnerability being able to get a CVE ID. Vulnerabilities are abstract things, we need to identify them to be able to talk about them, full stop. Yes, with SaaS, there is usually no action needed by users or vulnerability scanners. As a CNA, CERT/CC follows INC 3. Regards, - Art
- Follow-Ups:
- Re: CVE for hosted services
- From: Kurt Seifried <kseifried@redhat.com>
- Re: CVE for hosted services
- References:
- CVE for hosted services
- From: "Andy Balinsky (balinsky)" <balinsky@cisco.com>
- Re: CVE for hosted services
- From: "Landfield, Kent B" <kent.b.landfield@intel.com>
- Re: CVE for hosted services
- From: "Andy Balinsky (balinsky)" <balinsky@cisco.com>
- CVE for hosted services
- Prev by Date: Re: CVE for hosted services
- Next by Date: RE: education suggestion
- Previous by thread: Re: CVE for hosted services
- Next by thread: Re: CVE for hosted services
- Index(es):
