Re: [oss-security] Concerns about CVE coverage shrinking - direct impact to researchers/companies

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [oss-security] Concerns about CVE coverage shrinking - direct impact to researchers/companies

kseifried@redhat.com


On Wed, Mar 9, 2016 at 12:04 PM, David A. Wheeler <[hidden email]> wrote:
All - I've chatted with some of the people who fund the CVE work at MITRE.
I've learned that CVEs *are* being issued, but obviously that is happening too slowly.

They're having a meeting tomorrow (March 10) to try to figure out what
the problems are and how to fix it.  I don't know what they'll do.
However, I'm hopeful that  this will mean that the CVE work will get
back on track soon.

--- David A. Wheeler

This is literally the first I'm hearing of this, will any board members be present?


--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: [oss-security] Concerns about CVE coverage shrinking - direct impact to researchers/companies

Stephen Boyle
Administrator
Hi Kurt and David,

The CVE team is holding a series of internal meetings related to the referenced issues, including one tomorrow. There is not a meeting with the Editorial Board (or a subset of Editorial Board members) scheduled for or being held tomorrow.

We would like to propose an Editorial Board meeting to address issues related to CVE operations, scalability, and community feedback, as was first suggested by Kent Landfield on January 5, 2016. (Full discussion thread available at: http://common-vulnerabilities-and-exposures-cve-editorial-board.1128451.n5.nabble.com/CVE-Advancements-tt81.html)

 The internal meetings referenced above will enable us to come to that Editorial Board meeting with specific recommendations and proposed next steps.  

Best Regards,
The MITRE CVE Team

-----Original Message-----
From: Kurt Seifried [mailto:[hidden email]]
Sent: Wednesday, March 09, 2016 2:06 PM
To: David A. Wheeler <[hidden email]>; cve-editorial-board-list <[hidden email]>
Cc: oss-security <[hidden email]>
Subject: Re: [oss-security] Concerns about CVE coverage shrinking - direct impact to researchers/companies

On Wed, Mar 9, 2016 at 12:04 PM, David A. Wheeler <[hidden email]>
wrote:

> All - I've chatted with some of the people who fund the CVE work at MITRE.
> I've learned that CVEs *are* being issued, but obviously that is happening
> too slowly.
>
> They're having a meeting tomorrow (March 10) to try to figure out what
> the problems are and how to fix it.  I don't know what they'll do.
> However, I'm hopeful that  this will mean that the CVE work will get
> back on track soon.
>
> --- David A. Wheeler
>

This is literally the first I'm hearing of this, will any board members be
present?


--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [oss-security] Concerns about CVE coverage shrinking - direct impact to researchers/companies

kseifried@redhat.com


On Wed, Mar 9, 2016 at 1:28 PM, Boyle, Stephen V. <[hidden email]> wrote:
Hi Kurt and David,

The CVE team is holding a series of internal meetings related to the referenced issues, including one tomorrow. There is not a meeting with the Editorial Board (or a subset of Editorial Board members) scheduled for or being held tomorrow.

We would like to propose an Editorial Board meeting to address issues related to CVE operations, scalability, and community feedback, as was first suggested by Kent Landfield on January 5, 2016. (Full discussion thread available at: http://common-vulnerabilities-and-exposures-cve-editorial-board.1128451.n5.nabble.com/CVE-Advancements-tt81.html)

 The internal meetings referenced above will enable us to come to that Editorial Board meeting with specific recommendations and proposed next steps.

Thanks, it's good to know things are moving forwards.


--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]
Loading...