
Re: Information-technology Promotion Agency (JP) using several example CVEs (fwd)



Agreed, whether we like it or not, it'll happen. So in general:

CVE-YEAR-1000
CVE-YEAR-10000
CVE-YEAR-100000
CVE-YEAR-1000000
CVE-YEAR-1234
CVE-YEAR-12345
CVE-YEAR-123456
CVE-YEAR-1234567

RESERVED FOR EXAMPLES (ala example.org). 

And then we had discussed using CVE-YEAR-900000 through CVE-YEAR-999999 for testing (e.g. if you see these in the wild it's a test and you can ignore them, unless you're part of the test and want to do whatever with them). 

And that should cover pretty much all the usual cases. 



On Fri, Jun 2, 2017 at 11:03 AM, jericho <jericho@attrition.org> wrote:
Suggestion:

Starting in 2018, reserve common 'example' CVEs like this for a given year to help avoid collisions since the example may be used long before a valid assignment. Hard to predict what people will use as an example, but I would add -1234 and -12345 to this. I've sent several of these types of examples to MITRE in the past. They should be able to generate a more complete list.

.b

---------- Forwarded message ----------
From: jericho <jericho@attrition.org>
To: CVE <cve@mitre.org>
Date: Wed, 17 May 2017 17:04:07 -0500 (CDT)
Subject: Information-technology Promotion Agency (JP) using several example CVEs


FYI

https://www.ipa.go.jp/files/000058610.pdf

Slide 37:

CVE-2017-1000
CVE-2017-10000
CVE-2017-1000000



--
Kurt Seifried
kurt@seifried.org
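
The reservation scheme proposed in this thread, written as a filter a scanner or feed consumer could apply to the IDs it sees. This is an added example, not code from the list participants or MITRE; the function names and sample lines are constructed, and the reserved values are the thread's proposal, which the thread does not show as adopted policy.

```python
import re

# Sequence numbers the thread proposes reserving for examples, in any year.
# Kept as strings so a zero-padded form such as 0001234 is not mistaken for 1234.
EXAMPLE_SEQS = {"1000", "10000", "100000", "1000000",
                "1234", "12345", "123456", "1234567"}

# CVE-<4-digit year>-<4 or more digits>; the lookarounds keep a match from
# starting inside a longer token or stopping partway through a digit run.
CVE_RE = re.compile(r"(?<![A-Za-z0-9-])CVE-(\d{4})-(\d{4,})(?!\d)", re.IGNORECASE)


def _kind(seq):
    if seq in EXAMPLE_SEQS:
        return "example"
    # Proposed test block: 900000 through 999999, i.e. six digits starting with 9.
    if len(seq) == 6 and seq[0] == "9":
        return "test"
    return "regular"


def classify(cve_id):
    """Classify one ID; None means the string is not a well-formed CVE ID."""
    m = CVE_RE.fullmatch(cve_id.strip())
    return _kind(m.group(2)) if m else None


def scan(text):
    """Return (normalized ID, kind) for each CVE ID found in free text."""
    return [(f"CVE-{year}-{seq}", _kind(seq)) for year, seq in CVE_RE.findall(text)]


# Constructed sample input; CVE-2017-4242 is an arbitrary stand-in for a real ID.
SAMPLE = """\
advisory: fixed CVE-2017-4242 in build 12
slide deck: see CVE-2017-1000 and CVE-2017-1000000
pipeline check: cve-2018-912345 injected by QA
tracker: CVE-2017-0001234 is zero-padded, not the reserved literal
"""

if __name__ == "__main__":
    for cve, kind in scan(SAMPLE):
        print(f"{cve:<20} {kind}")
```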

Page Last Updated or Reviewed: June 02, 2017