[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HP's policy on CVE assignments


We are contacting HP to discuss their disclosure policy to verify that it is not in conflict with the CNA Rules.

Once we have spoken to HP and have a better understanding of the issues, we will report back to the Board.

Please let us know if there are any other questions or concerns about this issue.




Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: <dadinolfi@mitre.org>  Phone: 781-271-5774




From: <owner-cve-editorial-board-list@lists.mitre.org> on behalf of jericho <jericho@attrition.org>
Date: Monday, April 10, 2017 at 22:59
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Re: HP's policy on CVE assignments


Can MITRE weigh in on this please? Pretty significant stance for a CNA to

take, saying they will selective assign based on how a solution is

delivered. I feel this goes against the spirit and purpose of CVE.


On Fri, 7 Apr 2017, jericho wrote:


: Caught this via Twitter. Thoughts?




Page Last Updated or Reviewed: April 11, 2017