DWF CVE ID Descriptive Content

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

DWF CVE ID Descriptive Content

Coffin, Chris

All,

As we discussed in the board call yesterday, we have turned on the descriptive content within the DWF CNA data stream. An example of a complete DWF-assigned and populated CVE ID is referenced below.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000000

The descriptive content for these CVE IDs is authored by DWF CNA. As such, the descriptive content can look quite a bit different from the content traditionally developed by MITRE. Please let us know if you have any suggestions or concerns, and we will work with the DWF CNA as appropriate.

The complete list of populated DWF CVE IDs is as follows:

 

CVE-2015-1000000

CVE-2015-1000001

CVE-2015-1000002

CVE-2015-1000003

CVE-2015-1000004

CVE-2015-1000005

CVE-2015-1000006

CVE-2015-1000007

CVE-2015-1000008

CVE-2015-1000009

CVE-2015-1000010

CVE-2015-1000011

CVE-2015-1000012

CVE-2015-1000013

CVE-2016-1000000

CVE-2016-1000009

CVE-2016-1000014

CVE-2016-1000217

 

 

Chris Coffin

The CVE Team

Reply | Threaded
Open this post in threaded view
|

Re: DWF CVE ID Descriptive Content

Kurt Seifried
One note:

I just had [hidden email] accept the CVE Terms of Use, but he requested the CVE as [hidden email] email alias. I don't want us to have to get into the realms of email address normalization (+foo, dots in gmail addresses, etc.). So I'm going to update the DWF Database to reflect the correct email, and in future the confirmation of acceptance of MITRE CVE ToU will contain a GUID so I can say with certainty for example that the email was sent to [hidden email] and despite coming back "from" [hidden email] it is indeed legitimate for [hidden email]


On Thu, Oct 6, 2016 at 11:02 AM, Coffin, Chris <[hidden email]> wrote:

All,

As we discussed in the board call yesterday, we have turned on the descriptive content within the DWF CNA data stream. An example of a complete DWF-assigned and populated CVE ID is referenced below.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000000

The descriptive content for these CVE IDs is authored by DWF CNA. As such, the descriptive content can look quite a bit different from the content traditionally developed by MITRE. Please let us know if you have any suggestions or concerns, and we will work with the DWF CNA as appropriate.

The complete list of populated DWF CVE IDs is as follows:

 

CVE-2015-1000000

CVE-2015-1000001

CVE-2015-1000002

CVE-2015-1000003

CVE-2015-1000004

CVE-2015-1000005

CVE-2015-1000006

CVE-2015-1000007

CVE-2015-1000008

CVE-2015-1000009

CVE-2015-1000010

CVE-2015-1000011

CVE-2015-1000012

CVE-2015-1000013

CVE-2016-1000000

CVE-2016-1000009

CVE-2016-1000014

CVE-2016-1000217

 

 

Chris Coffin

The CVE Team




--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: DWF CVE ID Descriptive Content

Coffin, Chris

Thanks Kurt! We will make sure this gets reflected in a later update of the content.

 

Chris

 

From: Kurt Seifried [mailto:[hidden email]]
Sent: Thursday, October 06, 2016 12:23 PM
To: Coffin, Chris <[hidden email]>
Cc: cve-editorial-board-list <[hidden email]>
Subject: Re: DWF CVE ID Descriptive Content

 

One note:

 

I just had [hidden email] accept the CVE Terms of Use, but he requested the CVE as [hidden email] email alias. I don't want us to have to get into the realms of email address normalization (+foo, dots in gmail addresses, etc.). So I'm going to update the DWF Database to reflect the correct email, and in future the confirmation of acceptance of MITRE CVE ToU will contain a GUID so I can say with certainty for example that the email was sent to [hidden email] and despite coming back "from" [hidden email] it is indeed legitimate for [hidden email]

 

 

On Thu, Oct 6, 2016 at 11:02 AM, Coffin, Chris <[hidden email]> wrote:

All,

As we discussed in the board call yesterday, we have turned on the descriptive content within the DWF CNA data stream. An example of a complete DWF-assigned and populated CVE ID is referenced below.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000000

The descriptive content for these CVE IDs is authored by DWF CNA. As such, the descriptive content can look quite a bit different from the content traditionally developed by MITRE. Please let us know if you have any suggestions or concerns, and we will work with the DWF CNA as appropriate.

The complete list of populated DWF CVE IDs is as follows:

 

CVE-2015-1000000

CVE-2015-1000001

CVE-2015-1000002

CVE-2015-1000003

CVE-2015-1000004

CVE-2015-1000005

CVE-2015-1000006

CVE-2015-1000007

CVE-2015-1000008

CVE-2015-1000009

CVE-2015-1000010

CVE-2015-1000011

CVE-2015-1000012

CVE-2015-1000013

CVE-2016-1000000

CVE-2016-1000009

CVE-2016-1000014

CVE-2016-1000217

 

 

Chris Coffin

The CVE Team



 

--

 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 
[hidden email]