Date: Wed, 7 Feb 2024 13:41:49 -0500 From: Carlos O'Donell <carlos@...hat.com> To: oss-security@...ts.openwall.com Subject: The GNU C Library has been authorized by the CVE Program as a CVE Numbering Authority (CNA) The GNU C Library (glibc) is a key part of the trusted foundation in a secure and high-quality software supply chain and is used by the GNU Toolchain, the GNU system, and many of the GNU/Linux systems today. In an ongoing effort to improve security, the project has been authorized by the CVE Program as a CVE Numbering Authority (CNA): https://www.cve.org/Media/News/item/news/2024/02/06/GNU-C-Library-Added-as-CNA As a CNA the glibc security team will be working to improve the quality and response time of security advisories and mitigations. Over the coming months, the glibc security team will define the process for the CNA and establish best practices that can also be used by the rest of the GNU Toolchain. To receive notifications of new advisories please subscribe to the glibc announcement mailing list (libc-announce): https://sourceware.org/mailman/listinfo/libc-announce Advisories are published directly into the glibc git repository: https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;hb=HEAD For more information please see the project security documentation: https://sourceware.org/glibc/security.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.