Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 10 Feb 2017 13:09:43 -0500
From: Stiepan <stie@....swiss>
To: oss-security@...ts.openwall.com
Subject: Re: MITRE is adding data intake to its CVE ID process

Same concern here; I second your suggestion, John.

By the way, I have just tried the OVE ID alternative:
good idea, but perhaps one button is a bit too frugal.
What about adding at least the possibility of a title?
This would probably encourage people to use OVEs.
Of course, a catpcha might be needed in that event.

Stiepan

P.S.: While we're at it, let's use the two OVEs I have just wasted,
OVE-20170210-0001 (forward CVE web request+ID to oss-sec)
OVE-20170210-0002 (add a title option field to OVE web form),
for the two aforementioned issues!


-------- Original Message --------
Subject: Re: [oss-security] MITRE is adding data intake to its CVE ID process
Local Time: 10 February 2017 5:08 PM
UTC Time: 10 February 2017 16:09
From: john.haxby@...cle.com
To: oss-security@...ts.openwall.com

On 10/02/17 15:40, Priedhorsky, Reid wrote:
> To more efficiently assign and publish CVE IDs and to enable
> automation and data sharing within CVE operations, MITRE is changing
> the way it accepts CVE ID requests on the oss-security mailing list.
> Starting today, please direct CVE ID requests to this web form
> <https://cveform.mitre.org/>
>
> I’ve been using the CVE requests on oss-security to maintain a reasonably comprehensive and timely list of vulnerabilities for specific products. It’s not clear to me how to do this when CVE requests happen offline in a web form.
>
> Has this use case been considered? Is there an alternate way to accomplish my goal?

I'm glad someone else mentioned this -- I've been wondering too.

What would be nice is if the web form forwarded the request and CVE-ID
(suitably formatted) to oss-security or a similar list.

jch

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ