|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVE Will Reject a Group of Unused CVE IDs
- To: Multiple recipients <LISTSERV@LISTS.MITRE.ORG>
- Subject: CVE Will Reject a Group of Unused CVE IDs
- From: "Adinolfi, Daniel R" <dadinolfi@mitre.org>
- Date: Tue, 9 May 2017 16:18:32 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=mitre.org;
- Delivery-date: Tue May 9 13:29:13 2017
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
- Thread-index: AQHSyN/me14wXxtxx0mE7bi2Ml1b2A==
- Thread-topic: CVE Will Reject a Group of Unused CVE IDs
- User-agent: Microsoft-MacOutlook/f.21.0.170409
|
All, To help reduce the number of reserved but unused CVE IDs in the CVE List, the CVE Team will reject CVE IDs that CNAs have indicated as being unused from their prior CVE ID allocations. The CVE IDs affected
include those from years 1999 through 2016. CVE List consumers will see 3103 reserved CVE IDs become rejected in an update on May 10th. Each of these CVE entries will be updated with the following information ([Year] is replaced with four-digit year): "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during [Year]. Notes: none." CNAs are given blocks of CVE IDs each year, and those CVE IDs are marked as "RESERVED" in the CVE list until they are assigned to a vulnerability and published. CNAs often do not use all the CVE IDs they
are allocated, which results in many reserved CVE IDs that will never be assigned to a vulnerability. Going forward, at the start of each new calendar year, the CVE Team will ask CNAs for the list of unused CVE IDs from their allocations. Once we have that list of unused CVE IDs, we will update those CVE
IDs to "REJECT" status, hopefully making it clearer that the CVE IDs do not represent unannounced vulnerabilities. (For more details about the meaning of the "REJECT" status, refer to <http://cve.mitre.org/about/faqs.html#reject_signify_in_cve_id>.) If there are any questions about this process, you can contact the CVE Team at <https://cveform.mitre.org/>. Thanks. -Dan, for the CVE Team _________________________ Daniel Adinolfi, CISSP Lead Cybersecurity Engineer, The MITRE Corporation CVE Communications and CNA Coordinator Email: <dadinolfi@mitre.org> Phone: 781-271-5774 |
- Follow-Ups:
- RE: CVE Will Reject a Group of Unused CVE IDs
- From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
- RE: CVE Will Reject a Group of Unused CVE IDs
- Prev by Date: RE: Current standards/criteria for 'Undefined Behavior'
- Next by Date: RE: CVE Will Reject a Group of Unused CVE IDs
- Previous by thread: RE: Notice of Pilot Activity in CVE Auto WG
- Next by thread: RE: CVE Will Reject a Group of Unused CVE IDs
- Index(es):