[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MITRE can now accept CVE ID publication notifications formatted in JSON

To: Multiple recipients <LISTSERV@LISTS.MITRE.ORG>
Subject: MITRE can now accept CVE ID publication notifications formatted in JSON
From: "Adinolfi, Daniel R" <dadinolfi@mitre.org>
Date: Wed, 12 Apr 2017 15:30:40 -0400
Accept-language: en-US
Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=mitre.org;
Delivery-date: Wed Apr 12 16:05:12 2017
List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
Sender: "owner-cve-editorial-board-list@lists.mitre.org" <owner-cve-editorial-board-list@lists.mitre.org>
Thread-index: AQHSs8NFZ2/3LboE9EaoCxOxl5Ht1g==
Thread-topic: MITRE can now accept CVE ID publication notifications formatted in JSON
User-agent: Microsoft-MacOutlook/f.20.0.170309

Greetings,

Thanks to the efforts of the CVE Automation Working Group, MITRE can accept CVE ID publication notifications formatted in JSON. This is in addition to using the file formats described in Appendix B of the CNA Rules.

The format specification is here:

<https://github.com/CVEProject/automation-working-group/blob/master/cve_json_schema/DRAFT-JSON-file-format-v4.md>

The full specification and some examples are listed here:

<https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema>

You can submit a request using the JSON format to notify MITRE that a CVE ID entry is ready to be published. You can send this request through the CVE Request form:

Choose "Notify CVE about a publication", enter the link to the advisory and CVE IDs in the required fields, and add the JSON-formatted data into the "Additional information and CVE ID description updates" field.

Note, you can update multiple CVE IDs with the same request as shown in the "Minimal example needed for CVE [multiple entries]" on the format specification page.

If you have any questions or feedback on the JSON format or its use, please submit that feedback through the CVE Request form or by emailing cve@mitre.org.

Thanks, and many thanks to everyone who worked to develop this new format standard.

-Dan, for the CVE Team

Follow-Ups:
- Re: MITRE can now accept CVE ID publication notifications formatted in JSON
  - From: William Cox <wcox@blackducksoftware.com>

Prev by Date: Re: CVE Collision in Microsoft advisory today w/ prior Jenkins disclosure
Next by Date: Re: HP's policy on CVE assignments
Previous by thread: Re: CVE Collision in Microsoft advisory today w/ prior Jenkins disclosure
Next by thread: Re: MITRE can now accept CVE ID publication notifications formatted in JSON
Index(es):
- Date
- Thread