Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Feb 2017 15:03:24 +0100
From: Raphael Geissert <geissert@...ian.org>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: Re: MITRE is adding data intake to its CVE ID process

Hi,

On 12 February 2017 at 00:35, Solar Designer <solar@...nwall.com> wrote:
> On Fri, Feb 10, 2017 at 10:59:27PM -0500, cve-assign@...re.org wrote:
>> C5. I want MITRE to send the https://cveform.mitre.org form data, and
>> the CVE ID, to the oss-security list at the same time that these are
>> sent to the requester.
>>
>> R5. We have had internal discussions within MITRE about this. We are
>> able to implement this easily if the community requires this approach.
>> At the moment, we are expecting the requester to resend this
>> information to oss-security once they accept their CVE ID assignment.
[...]
> MITRE - can you please implement that, and we'll see how it goes and
> whether we need it adjusted or possibly discontinued if things go wrong
> or if there's opposition (so far, there's almost none)?
>
>> Please see http://www.openwall.com/lists/oss-security/2017/02/09/26
>> for an example.
>
> This is also an example of how the change breaks threading.  First,
> there was a thread about the issue on the list.  Then there was CVE
> request and assignment off-list.  And then there's this new thread on
> the CVE assignment.

If this was to be implemented, the submitter could also just include
the message-id of the related oss-sec post.
The mail by MITRE could then set a In-Reply-To accordingly to avoid
thread breaking.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ