Date: Mon, 22 May 2017 19:00:24 +0000 From: Jeremy Stanley <jeremy@...nstack.org> To: oss-security@...ts.openwall.com Subject: Re: How to request a CVE for open source projects On 2017-05-22 13:05:34 -0500 (-0500), Michael Catanzaro wrote: [...] > How are other people getting open source CVEs right now? Has anybody else > had luck getting a CVE via DWF? Should I be trying to do this through Red > Hat instead? Or just by filling out MITRE's CVE form even though we're not > really supposed to be using it? [...] OpenStack's been using MITRE's Web form to the best of our ability[*] and that seems to be working. Though it also has the side effect that a MITRE representative has reached out to us asking whether we'd like to become a CNA (our VMT is still trying to decide if that's worth pursuing). [*] https://security.openstack.org/vmt-process.html#send-cve-request -- Jeremy Stanley Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.