|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Current standards/criteria for 'Undefined Behavior'
- To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
- Subject: Re: Current standards/criteria for 'Undefined Behavior'
- From: Kurt Seifried <kseifried@redhat.com>
- Date: Fri, 7 Jul 2017 14:24:03 -0600
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=fail action=none header.from=redhat.com;
- Cc: "pmeunier@cerias.purdue.edu" <pmeunier@cerias.purdue.edu>, "Coffin, Chris" <ccoffin@mitre.org>, Carsten Eiram <che@riskbasedsecurity.com>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivery-date: Mon Jul 10 08:14:07 2017
- In-reply-to: <MWHPR09MB14408FE90DFAAAC430044A89F0AA0@MWHPR09MB1440.namprd09.prod.outlook.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <alpine.LNX.2.00.1705021224040.32256@forced.attrition.org> <BY2PR09MB104693962DC9E3AFA1117DC9CC160@BY2PR09MB1046.namprd09.prod.outlook.com> <alpine.LNX.2.00.1705081849310.32256@forced.attrition.org> <59571B66-144E-4120-B166-7EDDD6C53E5D@mitre.org> <CACph5NXYh4g=NvHMXuE3xz5yip1SuF_Qqcvq5XyGp4Ns-FkihA@mail.gmail.com> <b61d743d-fae0-b9e4-c0d4-db9ee799f230@cert.org> <MWHPR09MB1485D96532AC748942475730A1AA0@MWHPR09MB1485.namprd09.prod.outlook.com> <alpine.LNX.2.00.1707071211180.3395@forced.attrition.org> <MWHPR09MB1440BDAAEA64A7057654921DF0AA0@MWHPR09MB1440.namprd09.prod.outlook.com> <MWHPR09MB14850889D355EC6534F77EF1A1AA0@MWHPR09MB1485.namprd09.prod.outlook.com> <1499456776.14288.3.camel@cerias.purdue.edu> <MWHPR09MB14408FE90DFAAAC430044A89F0AA0@MWHPR09MB1440.namprd09.prod.outlook.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
- Spamdiagnosticoutput: 1:2
On Fri, Jul 7, 2017 at 1:55 PM, Waltermire, David A. (Fed) <david.waltermire@nist.gov> wrote:
Who is responsible for deciding how big/risky or small/minor a given issue is? I wouldn't want that job.
The problem is those present on the board call might think an issue is "small" and inconsequential. Those that might find a big problem in a small thing might not be present on a given call to raise such a concern. This is where there is value in sending a short email to the list to keep everyone looped in. We have had some examples of this in the past with changes to CVE status, impacts on downstream consumers, etc.
Regards,
Dave
I don't think anyone is advocating against email, but I don't think we want things getting stuck in email discussion limbo, something the phone calls are good for.
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
- References:
- Re: Current standards/criteria for 'Undefined Behavior'
- From: Art Manion <amanion@cert.org>
- RE: Current standards/criteria for 'Undefined Behavior'
- From: "Coffin, Chris" <ccoffin@mitre.org>
- RE: Current standards/criteria for 'Undefined Behavior'
- From: jericho <jericho@attrition.org>
- RE: Current standards/criteria for 'Undefined Behavior'
- From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
- RE: Current standards/criteria for 'Undefined Behavior'
- From: "Coffin, Chris" <ccoffin@mitre.org>
- Re: Current standards/criteria for 'Undefined Behavior'
- From: Pascal Meunier <pmeunier@cerias.purdue.edu>
- RE: Current standards/criteria for 'Undefined Behavior'
- From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
- Re: Current standards/criteria for 'Undefined Behavior'
- Prev by Date: Re: Current standards/criteria for 'Undefined Behavior'
- Next by Date: Re: Current standards/criteria for 'Undefined Behavior'
- Previous by thread: RE: Current standards/criteria for 'Undefined Behavior'
- Next by thread: Re: Current standards/criteria for 'Undefined Behavior'
- Index(es):