Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 9 Jun 2015 13:08:51 -0400 (EDT)
From: "Steven M. Christey" <coley@...re.org>
To: mancha <mancha1@...o.com>
cc: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: MITRE delays persist


> Back in mid-March you wrote an email addressing the CVE assignment
> delays people had been experiencing. [1]
>
> I was relieved when I received your email because I had several
> outstanding requests and was wondering why they were being held up.
>
> Unfortunately, almost 11 weeks has passed since your email and my
> pending requests have yet to be addressed.
>
> Would you please provide an update on the steps MITRE is taking to
> become more responsive and provide a hard timeline on clearing of the
> existing backlog?
>
> For example, I have pending requests dating back to mid-February.
>
> Thank you.
>
> [1] http://marc.info/?l=oss-security&m=142679274522902&w=2

Some requests are delayed because of complexity in deciding how 
vulnerability information can be best represented in CVE. If there is a 
vulnerability-research category, aspect, or approach that we feel may have 
unexpected concerns that are specific to CVE, we prefer to resolve that 
within our team, rather than follow a piecemeal approach to the related 
individual requests. Accordingly, we do not designate a timeline that 
applies globally to every request. If anyone needs additional confirmation 
that a request has indeed been received and read, and that we are aware of 
it remaining unanswered, sending directly to the cve-assign@...re.org 
address is the best option.


---
CVE Assignment Team, MITRE CVE Numbering Authority

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ