Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 10 Feb 2017 16:09:12 +0000
From: John Haxby <john.haxby@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Re: MITRE is adding data intake to its CVE ID process

On 10/02/17 15:40, Priedhorsky, Reid wrote:
> To more efficiently assign and publish CVE IDs and to enable
> automation and data sharing within CVE operations, MITRE is changing
> the way it accepts CVE ID requests on the oss-security mailing list.
> Starting today, please direct CVE ID requests to this web form
> <https://cveform.mitre.org/>
> 
> I’ve been using the CVE requests on oss-security to maintain a reasonably comprehensive and timely list of vulnerabilities for specific products. It’s not clear to me how to do this when CVE requests happen offline in a web form.
> 
> Has this use case been considered? Is there an alternate way to accomplish my goal?

I'm glad someone else mentioned this -- I've been wondering too.

What would be nice is if the web form forwarded the request and CVE-ID
(suitably formatted) to oss-security or a similar list.

jch

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ