Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALPTtNWU0mG2XOphpRXQGUeLsvGe1N-etNFtVBdDWONAoT7RtA@mail.gmail.com>
Date: Wed, 9 Mar 2016 11:07:19 -0800
From: Reed Loden <reed@...dloden.com>
To: oss-security@...ts.openwall.com
Cc: kseifried <kseifried@...hat.com>
Subject: Re: Concerns about CVE coverage shrinking - direct
 impact to researchers/companies

Issued to some people, perhaps, but there are plenty of examples of MITRE
not issuing CVEs even after multiple months and pokes. Understand MITRE is
resource constrained, but they are blocking new CNAs as well, which doesn't
help.

Just check out the board list archives (
https://cve.mitre.org/data/board/archives/). MITRE isn't responding at all
to people's concerns.

~reed

On Wed, Mar 9, 2016 at 11:04 AM, David A. Wheeler <dwheeler@...eeler.com>
wrote:

> All - I've chatted with some of the people who fund the CVE work at MITRE.
> I've learned that CVEs *are* being issued, but obviously that is happening
> too slowly.
>
> They're having a meeting tomorrow (March 10) to try to figure out what
> the problems are and how to fix it.  I don't know what they'll do.
> However, I'm hopeful that  this will mean that the CVE work will get
> back on track soon.
>
> --- David A. Wheeler
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.