[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Agenda item - broken embargoes

So I had someone submit a CVE request to the PUBLIC form iwantacve.org, and then go "oops, can you delete that" to which I replied "no, genies out of the bottle, sorry", is there any official MITRE or CVE policy on such a thing? I know in the Open Source world (e.g. distros list) any public leak is treated as the embargo being broken because, well, it is. I'm inclined to keep that policy for the DWF, but was wondering if anyone else had any thoughts/comments/concerns? I know it's more of an internal CNA matter but it might be good to provide some guidance or at least information of the pros/cons around this.

Kurt Seifried

Page Last Updated or Reviewed: March 21, 2018