
Re: Problematic assignments for subpar reports via CVE request form



I would say simply: ban him until he shows improvement and sticks to it. Why place a time limit on it? Either he starts making good requests, or he doesn't.

On Mon, Oct 23, 2017 at 11:32 AM, jericho <jericho@attrition.org> wrote:


On Mon, 23 Oct 2017, Kurt Seifried wrote:

: ask for even more detail/proof. I would only go to the ban phase if they
: are flooding in requests that are still of poor quality despite being
: told they need to do better quality requests, I would suggest we adopt
: this, it's somewhat subjective, but relatively simple:

He is flooding in requests that are still of poor quality.

He has been told his reports are difficult to process. He was asked to
include his crashing PoCs, he still does not. He deleted the public issue
in which I asked him to do so. He shut down the issue tracker on the
GitHub repo so we cannot raise issues with his reports.

To me, that meets the bar for a temporary ban until he better appreciates
that his reports are lacking serious detail and contain numerous
duplicates.

Brian



--

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: October 23, 2017