Date: Mon, 22 May 2017 19:00:24 +0000 From: Jeremy Stanley <jeremy@...nstack.org> To: oss-security@...ts.openwall.com Subject: Re: How to request a CVE for open source projects On 2017-05-22 13:05:34 -0500 (-0500), Michael Catanzaro wrote: [...] > How are other people getting open source CVEs right now? Has anybody else > had luck getting a CVE via DWF? Should I be trying to do this through Red > Hat instead? Or just by filling out MITRE's CVE form even though we're not > really supposed to be using it? [...] OpenStack's been using MITRE's Web form to the best of our ability[*] and that seems to be working. Though it also has the side effect that a MITRE representative has reached out to us asking whether we'd like to become a CNA (our VMT is still trying to decide if that's worth pursuing). [*] https://security.openstack.org/vmt-process.html#send-cve-request -- Jeremy Stanley [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ