Date: Mon, 22 May 2017 22:28:04 -0400
From: "Perry E. Metzger" <perry@...rmont.com>
To: Kurt Seifried <kseifried@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: How to request a CVE for open source projects

On Mon, 22 May 2017 20:04:41 -0600
Kurt Seifried <kseifried@...hat.com> wrote:
> > Primarily, freeform discussion of the sort that occurred on this
> > list as a natural outcropping of the CVE request process led to
> > people linking to verification code, temporary mitigations,
> > highlighting of incomplete fixes, and the sort of information
> > that was requested earlier in this thread. This ability to
> > easily chip in to ongoing situations wasn't just useful for mitre
> > staff doing CVE work, it was also useful for the "community of
> > practice" looking for the latest information regarding
> > self-defense. I've prevented more than one attack thanks to a
> > one-off reply from someone in response to a CVE request.
>
> You can still do this. oss-security is a list run by Solar Designer
> (openwall.com). I happen to be a long time poster/moderator, but I
> have no official control/etc (I don't even block posts, that's up
> to solar, I just allow stuff or ignore it when it's up for
> moderation).

Maybe after CVEs are assigned the forms could be emailed to the list
as a replacement for the old request emails, to kick off discussion
and alert people to their existence?

Perry
--
Perry E. Metzger		perry@...rmont.com