Date: Wed, 9 Mar 2016 11:07:19 -0800 From: Reed Loden <reed@...dloden.com> To: oss-security@...ts.openwall.com Cc: kseifried <kseifried@...hat.com> Subject: Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Issued to some people, perhaps, but there are plenty of examples of MITRE not issuing CVEs even after multiple months and pokes. Understand MITRE is resource constrained, but they are blocking new CNAs as well, which doesn't help. Just check out the board list archives ( https://cve.mitre.org/data/board/archives/). MITRE isn't responding at all to people's concerns. ~reed On Wed, Mar 9, 2016 at 11:04 AM, David A. Wheeler <dwheeler@...eeler.com> wrote: > All - I've chatted with some of the people who fund the CVE work at MITRE. > I've learned that CVEs *are* being issued, but obviously that is happening > too slowly. > > They're having a meeting tomorrow (March 10) to try to figure out what > the problems are and how to fix it. I don't know what they'll do. > However, I'm hopeful that this will mean that the CVE work will get > back on track soon. > > --- David A. Wheeler >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ