Please welcome Kurt CVE to the CVE Editorial Board


Stephen Boyle
Administrator

We are pleased to announce that Kurt Seifried of Red Hat has joined the CVE Editorial Board.

Kurt has spent over a decade advocating for, using, and contributing to CVE (starting at iDefense, then iSIGHT Partners and now at Red Hat). Kurt has not only made contributions to CVE, but has also contributed editorially, such as spotting duplicates in years past. (Something which Kurt notes “...has largely gone away… glad to say.”)

Kurt typically spends time on CVE-related tasks, e.g. assigning CVEs and training other members of the Red Hat Product Security (PS) team to assign CVE IDs, and has assigned 4,760 CVEs to date while at Red Hat.

Kurt said that he “look[s] forwards to working with the CVE board and community” and “I think we have some challenges, and some opportunities to improve the situation for not only CVE, but of information security in general.”

Please join us in welcoming Kurt Seifried to the CVE Editorial Board.

Best Regards,

The MITRE CVE Team


Re: Please welcome Kurt CVE to the CVE Editorial Board

Andy Balinsky (balinsky)
Welcome, Kurt.

And, Steven, is that pun in the title intentional? CVE in place of his last name, which sounds a lot like CeiVriEd? ;-)

Andy

On Nov 2, 2015, at 7:30 PM, Boyle, Stephen V. <[hidden email]> wrote:

We are pleased to announce that Kurt Seifried of Red Hat has joined the CVE Editorial Board.

Kurt has spent over a decade advocating for, using, and contributing to CVE (starting at iDefense, then iSIGHT Partners and now at Red Hat). Kurt has not only made contributions to CVE, but has also contributed editorially, such as spotting duplicates in years past. (Something which Kurt notes “...has largely gone away… glad to say.”)

Kurt typically spends time on CVE-related tasks, e.g. assigning CVEs and training other members of the Red Hat Product Security (PS) team to assign CVE IDs, and has assigned 4,760 CVEs to date while at Red Hat.

Kurt said that he “look[s] forwards to working with the CVE board and community” and “I think we have some challenges, and some opportunities to improve the situation for not only CVE, but of information security in general.”

Please join us in welcoming Kurt Seifried to the CVE Editorial Board.
 
Best Regards,
The MITRE CVE Team



RE: Please welcome Kurt CVE to the CVE Editorial Board

Stephen Boyle
Administrator

> And, Steven, is that pun in the title intentional? CVE in place of his last name, which sounds a lot like CeiVriEd? ;-)

No pun intended :-)

Steve


Re: Please welcome Kurt CVE to the CVE Editorial Board

jericho
In reply to this post by Stephen Boyle
On Tue, 3 Nov 2015, Boyle, Stephen V. wrote:

: Kurt [..] has assigned 4,760 CVEs to date while at Red Hat.

Kind of surprised this number is so low honestly.

But, anyone on the board who works at a CNA, consider this please. He's
handing out assignments on oss-sec, which in 2015, is kind of the wild
west to a degree. This is not some researcher coming to your shop,
disclosing an issue in your product, where you have the most expertise.
Kurt is typically assigning IDs to an absurd amount of third-party
libraries, many of which your company uses. Even if you don't know it.

So... welcome Kurt! I advocated for you to be on the board for almost
three years, and I apologize in advance. =)

.b

Re: Please welcome Kurt CVE to the CVE Editorial Board

Kurt Seifried


On Fri, Nov 6, 2015 at 11:28 PM, jericho <[hidden email]> wrote:
On Tue, 3 Nov 2015, Boyle, Stephen V. wrote:

: Kurt [..] has assigned 4,760 CVEs to date while at Red Hat.

Kind of surprised this number is so low honestly.

But, anyone on the board who works at a CNA, consider this please. He's
handing out assignments on oss-sec, which in 2015, is kind of the wild
west to a degree. This is not some researcher coming to your shop,
disclosing an issue in your product, where you have the most expertise.
Kurt is typically assigning IDs to an absurd amount of third-party
libraries, many of which your company uses. Even if you don't know it.


One note, Mitre has handled public CVE assignments on oss-security@ since the beginning of the year, Red Hat as a CNA (so myself, and now several other people) still handle internal Red Hat Open Source assignments, "private" assignments (people that email [hidden email] directly for OpenSource issues) and "public but not well known" issues, e.g. if we find a git commit somewhere, but things like the Apache ChangeLog or PHP ChangeLog get handled publicly by Mitre. So (fortunately I think =) I'm assigning a lot fewer CVEs now than in the previous years.

So... welcome Kurt! I advocated for you to be on the board for almost
three years, and I apologize in advance. =)

.b



--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]