[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017

On Wed, 15 Nov 2017, Kurt Seifried wrote:

: Do we much care about the year assigned/vs the year it was asked for 
: acknowledged as a security issue? Looks like HackerOne may have done 
: mass 2017 assignment to a lot of old issues. e.g. 
: https://hackerone.com/reports/713

That has been the 'standard' or guideline for most of CVEs history. If 
that changes, I feel it critical that it be communicated to the 
and a disclaimer added somewhere on the CVE page(s). We're rapidly 
approaching where companies will start using CVE data to make general 
statements about how many vulnerabilities were disclosed in 2017, and 
do it largley based off the IDs.

Also note that many DWF assignments this year also broke from that, 
2017 assignments to issues as far back as 2012. This is not limited to 
HackerOne by any means.


Page Last Updated or Reviewed: November 16, 2017