Date: Wed, 15 Feb 2017 15:03:24 +0100 From: Raphael Geissert <geissert@...ian.org> To: Open Source Security <oss-security@...ts.openwall.com> Subject: Re: MITRE is adding data intake to its CVE ID process Hi, On 12 February 2017 at 00:35, Solar Designer <solar@...nwall.com> wrote: > On Fri, Feb 10, 2017 at 10:59:27PM -0500, cve-assign@...re.org wrote: >> C5. I want MITRE to send the https://cveform.mitre.org form data, and >> the CVE ID, to the oss-security list at the same time that these are >> sent to the requester. >> >> R5. We have had internal discussions within MITRE about this. We are >> able to implement this easily if the community requires this approach. >> At the moment, we are expecting the requester to resend this >> information to oss-security once they accept their CVE ID assignment. [...] > MITRE - can you please implement that, and we'll see how it goes and > whether we need it adjusted or possibly discontinued if things go wrong > or if there's opposition (so far, there's almost none)? > >> Please see http://www.openwall.com/lists/oss-security/2017/02/09/26 >> for an example. > > This is also an example of how the change breaks threading. First, > there was a thread about the issue on the list. Then there was CVE > request and assignment off-list. And then there's this new thread on > the CVE assignment. If this was to be implemented, the submitter could also just include the message-id of the related oss-sec post. The mail by MITRE could then set a In-Reply-To accordingly to avoid thread breaking. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ