oss-sec mailing list archives
Re: MITRE is adding data intake to its CVE ID process
From: Stiepan <stie@itk.swiss>
Date: Fri, 10 Feb 2017 13:09:43 -0500
Same concern here; I second your suggestion, John. By the way, I have just tried the OVE ID alternative: good idea, but perhaps one button is a bit too frugal. What about adding at least the possibility of a title? This would probably encourage people to use OVEs. Of course, a catpcha might be needed in that event. Stiepan P.S.: While we're at it, let's use the two OVEs I have just wasted, OVE-20170210-0001 (forward CVE web request+ID to oss-sec) OVE-20170210-0002 (add a title option field to OVE web form), for the two aforementioned issues! -------- Original Message -------- Subject: Re: [oss-security] MITRE is adding data intake to its CVE ID process Local Time: 10 February 2017 5:08 PM UTC Time: 10 February 2017 16:09 From: john.haxby () oracle com To: oss-security () lists openwall com On 10/02/17 15:40, Priedhorsky, Reid wrote:
To more efficiently assign and publish CVE IDs and to enable automation and data sharing within CVE operations, MITRE is changing the way it accepts CVE ID requests on the oss-security mailing list. Starting today, please direct CVE ID requests to this web form <https://cveform.mitre.org/> I’ve been using the CVE requests on oss-security to maintain a reasonably comprehensive and timely list of vulnerabilities for specific products. It’s not clear to me how to do this when CVE requests happen offline in a web form. Has this use case been considered? Is there an alternate way to accomplish my goal?
I'm glad someone else mentioned this -- I've been wondering too. What would be nice is if the web form forwarded the request and CVE-ID (suitably formatted) to oss-security or a similar list. jch
Current thread:
- MITRE is adding data intake to its CVE ID process cve-assign (Feb 08)
- Re: MITRE is adding data intake to its CVE ID process P J P (Feb 08)
- Re: MITRE is adding data intake to its CVE ID process Simon McVittie (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Jeremy Stanley (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Peter Bex (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Steven R. Loomis (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Amos Jeffries (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Jeremy Stanley (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process John Haxby (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Stiepan (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Simon McVittie (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Pierre Schweitzer (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Moritz Muehlenhoff (Feb 11)
- Re: MITRE is adding data intake to its CVE ID process Bob Friesenhahn (Feb 11)
- RE: MITRE is adding data intake to its CVE ID process Ben Tasker (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Mike Gerwitz (Feb 10)
- RE: MITRE is adding data intake to its CVE ID process Maier, Kurt H (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Tim (Feb 10)