[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017
- To: Kurt Seifried <kseifried@redhat.com>
- Subject: Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017
- From: jericho <jericho@attrition.org>
- Date: Wed, 15 Nov 2017 12:09:49 -0600
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=attrition.org;
- Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivery-date: Wed Nov 15 13:50:52 2017
- Importance: high
- In-reply-to: <CANO=Ty3Bw9eT7qsSVBzRs65+xEbhDp3kpVciqWZLaP+K+kZQfA@mail.gmail.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <DM5PR09MB1164A57009F7CC7D275E262AB1280@DM5PR09MB1164.namprd09.prod.outlook.com> <MWHPR09MB14566C5E6F01CE19610BB9E2A1280@MWHPR09MB1456.namprd09.prod.outlook.com> <CY4PR09MB14959ACE05638F0FFBD1E464F0290@CY4PR09MB1495.namprd09.prod.outlook.com> <CANO=Ty3Bw9eT7qsSVBzRs65+xEbhDp3kpVciqWZLaP+K+kZQfA@mail.gmail.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
- Spamdiagnosticoutput: 1:2
- User-agent: Alpine 2.00 (LNX 1167 2008-08-23)
On Wed, 15 Nov 2017, Kurt Seifried wrote: : Do we much care about the year assigned/vs the year it was asked for and : acknowledged as a security issue? Looks like HackerOne may have done a : mass 2017 assignment to a lot of old issues. e.g. : https://hackerone.com/reports/713 That has been the 'standard' or guideline for most of CVEs history. If that changes, I feel it critical that it be communicated to the community and a disclaimer added somewhere on the CVE page(s). We're rapidly approaching where companies will start using CVE data to make general statements about how many vulnerabilities were disclosed in 2017, and many do it largley based off the IDs. Also note that many DWF assignments this year also broke from that, giving 2017 assignments to issues as far back as 2012. This is not limited to HackerOne by any means. Brian
- Follow-Ups:
- RE: Agenda for CVE Board Meeting Wednesday, 15 November 2017
- From: "Millar, Thomas" <Thomas.Millar@hq.dhs.gov>
- Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017
- From: Art Manion <amanion@cert.org>
- RE: Agenda for CVE Board Meeting Wednesday, 15 November 2017
- References:
- Agenda for CVE Board Meeting Wednesday, 15 November 2017
- From: Common Vulnerabilities & Exposures <cve@mitre.org>
- RE: Agenda for CVE Board Meeting Wednesday, 15 November 2017
- From: "Coffin, Chris" <ccoffin@mitre.org>
- Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017
- From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
- Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017
- From: Kurt Seifried <kseifried@redhat.com>
- Agenda for CVE Board Meeting Wednesday, 15 November 2017
- Prev by Date: Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017
- Next by Date: RE: Agenda for CVE Board Meeting Wednesday, 15 November 2017
- Previous by thread: Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017
- Next by thread: RE: Agenda for CVE Board Meeting Wednesday, 15 November 2017
- Index(es):
