Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 22 May 2017 19:00:24 +0000
From: Jeremy Stanley <jeremy@...nstack.org>
To: oss-security@...ts.openwall.com
Subject: Re: How to request a CVE for open source projects

On 2017-05-22 13:05:34 -0500 (-0500), Michael Catanzaro wrote:
[...]
> How are other people getting open source CVEs right now? Has anybody else
> had luck getting a CVE via DWF? Should I be trying to do this through Red
> Hat instead? Or just by filling out MITRE's CVE form even though we're not
> really supposed to be using it?
[...]

OpenStack's been using MITRE's Web form to the best of our
ability[*] and that seems to be working. Though it also has the side
effect that a MITRE representative has reached out to us asking
whether we'd like to become a CNA (our VMT is still trying to decide
if that's worth pursuing).

[*] https://security.openstack.org/vmt-process.html#send-cve-request
-- 
Jeremy Stanley

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ