education suggestion


education suggestion

kseifried@redhat.com
So it would appear many people are losing their mind on oss-security, which is not surprising as we haven't really educated people about what's up. 

I would suggest we come up with a quick one page education document that covers the new way forwards and why it's better/more sustainable, major points to include:

1) moving forwards it's all about structured data and automation, random email requests are not sustainable

2) MITRE has minted many more CNAs (and continues to do so) so there won't need to be as many requests to MITRE

3) the DWF is in the process of doing the CVE Mentor and multiple CNA roll out, which will be way more efficient/easier than everyone in the OpenSource community having to poke MITRE constantly

 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]

RE: education suggestion

Coffin, Chris

> So it would appear many people are losing their mind on oss-security, which is not surprising as we haven't really educated people about what's up.

 

Just a heads up to the Board on this, we will be putting together a response to all of the comments received so far on the oss-security mailing list. I expect to get something sent out midday tomorrow.

 

> I would suggest we come up with a quick one page education document that covers the new way forwards and why it's better/more sustainable

 

This is a great idea Kurt! We will draft something and get it sent out as soon as possible.

 

Chris Coffin

The CVE Team

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Kurt Seifried
Sent: Thursday, February 09, 2017 10:36 AM
To: cve-editorial-board-list <[hidden email]>
Subject: education suggestion

 

So it would appear many people are losing their mind on oss-security, which is not surprising as we haven't really educated people about what's up. 

 

I would suggest we come up with a quick one page education document that covers the new way forwards and why it's better/more sustainable, major points to include:

 

1) moving forwards it's all about structured data and automation, random email requests are not sustainable

 

2) MITRE has minted many more CNAs (and continues to do so) so there won't need to be as many requests to MITRE

 

3) the DWF is in the process of doing the CVE Mentor and multiple CNA roll out, which will be way more efficient/easier than everyone in the OpenSource community having to poke MITRE constantly

 

 

 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 
[hidden email]


RE: education suggestion

Coffin, Chris

Here is the one page document we put together on future vision and direction of the program. We’d like to use this in the next response on the Oss-security mailing list discussion. If anyone has any significant comments or suggestions, please try to provide them by COB tomorrow.

 

Chris Coffin

The CVE Team

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Coffin, Chris
Sent: Thursday, February 09, 2017 6:03 PM
To: Kurt Seifried <[hidden email]>; cve-editorial-board-list <[hidden email]>
Subject: RE: education suggestion

 

> So it would appear many people are losing their mind on oss-security, which is not surprising as we haven't really educated people about what's up.

 

Just a heads up to the Board on this, we will be putting together a response to all of the comments received so far on the oss-security mailing list. I expect to get something sent out midday tomorrow.

 

> I would suggest we come up with a quick one page education document that covers the new way forwards and why it's better/more sustainable

 

This is a great idea Kurt! We will draft something and get it sent out as soon as possible.

 

Chris Coffin

The CVE Team

 



Attachment: CVE_Vision_v2.docx (180K)

RE: education suggestion

Millar, Thomas
I like this. No substantive comments from me. I'd say "instance" instead of "occurrence" though.



Tom Millar, US-CERT

Sent from +1-202-631-1915
https://www.us-cert.gov
 

From: [hidden email] on behalf of Coffin, Chris
Sent: Thursday, February 16, 2017 3:59:52 PM
To: Kurt Seifried; cve-editorial-board-list
Subject: RE: education suggestion

Here is the one page document we put together on future vision and direction of the program. We’d like to use this in the next response on the Oss-security mailing list discussion. If anyone has any significant comments or suggestions, please try to provide them by COB tomorrow.

 

Chris Coffin

The CVE Team

 



Re: education suggestion

Landfield, Kent B

Here is an edited version of the document with a couple additional comments.  Concur with Tom’s comment below.  This is valuable for the current situation but very useful overall...

 

---

Kent Landfield

+1.817.637.8026

 

From: <[hidden email]> on behalf of "Millar, Thomas" <[hidden email]>
Date: Thursday, February 16, 2017 at 8:32 AM
To: "Coffin, Chris" <[hidden email]>, Kurt Seifried <[hidden email]>, cve-editorial-board-list <[hidden email]>
Subject: RE: education suggestion

 

I like this. No substantive comments from me. I'd say "instance" instead of "occurrence" though.



Tom Millar, US-CERT

Sent from +1-202-631-1915
https://www.us-cert.gov

 




Attachment: CVE_Vision_v2-kbl-v1.docx (186K)

RE: education suggestion

Coffin, Chris

Thanks to Tom and Kent for the quick feedback!

 

The attached is an updated version that includes the changes based on their edits and comments. I am currently trying to keep the document to a single page, but am struggling with what to remove. I added an example to explain the Sub-Root-CNA clarification, and this may or may not be needed. Any suggestions would be appreciated.

 

Chris

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Landfield, Kent B
Sent: Thursday, February 16, 2017 12:01 PM
To: Millar, Thomas <[hidden email]>; Coffin, Chris <[hidden email]>; Kurt Seifried <[hidden email]>; cve-editorial-board-list <[hidden email]>
Subject: Re: education suggestion

 

Here is an edited version of the document with a couple additional comments.  Concur with Tom’s comment below.  This is valuable for the current situation but very useful overall...

 

---

Kent Landfield

+1.817.637.8026

 



Attachment: CVE_Vision_v2.5.docx (182K)

RE: education suggestion

Coffin, Chris
In reply to this post by Landfield, Kent B

All,

 

We had some internal comments and suggestions which resulted in another iteration of the document. Also, this version is now back to a single page which was one of our goals. If anyone has any additional comments or suggestions, please try to provide them by COB Friday.

 

Chris

 

From: Coffin, Chris
Sent: Thursday, February 16, 2017 12:42 PM
To: 'Landfield, Kent B' <[hidden email]>; Millar, Thomas <[hidden email]>; Kurt Seifried <[hidden email]>; cve-editorial-board-list <[hidden email]>
Subject: RE: education suggestion

 

Thanks to Tom and Kent for the quick feedback!

 

The attached is an updated version that includes the changes based on their edits and comments. I am currently trying to keep the document to a single page, but am struggling with what to remove. I added an example to explain the Sub-Root-CNA clarification, and this may or may not be needed. Any suggestions would be appreciated.

 

Chris

 



Attachment: CVE_Vision_v2.7.docx (189K)