[EXT] Question on compliance

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[EXT] Question on compliance

Landfield, Kent

To begin with, I am not doing anything other than pointing out something to track for future CNA compliance concerns. 


I see that this Advisory location for Vivo has nothing listed.  This may just be that they have not had a central place in the past and this is new to them. My question is, while they comply with the need for a designated place to post advisories, is there some trigger mechanism we can put in place to assure in the future they use this location for advisories?  Would probably not be a concern if there were previous advisories listed but since there is none, it got me thinking that we should consider checking on new CNAs to assure they use their indicated location in the future…




Thank you, Gracias, Grazie,  谢谢, Merci!, Спасибо!, Bedankt,Danke!ありがとうधन्यवाद!


Kent Landfield


[hidden email]



From: "Bazar, Jo E." <[hidden email]>
Date: Friday, April 3, 2020 at 9:51 AM
To: CVE Editorial Board Discussion <[hidden email]>
Subject: New CNA - Vivo Mobile Communication Technology Co.,LTD


CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe.




MITRE is happy to announce Vivo Mobile Communication Technology Co.,LTD.  as a new CNA.


Organization Name:  Vivo Mobile Communication Technology Co.,LTD.
Organization Location:  China
Scope:  Vivo issues only
Disclosure Policy location:  https://www.vivo.com/en/activity/security-advisory
Advisory locations:  https://www.vivo.com/en/activity/security-advisory
Public point of contact:  [hidden email]
CNA Type:  Vendors and Projects




Jo Bazar

Lead CNA Coordinator| [hidden email]

[hidden email]