Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f5e202ca-2709-8158-cb35-453a29d09e42@icu-project.org>
Date: Thu, 9 Feb 2017 08:07:49 -0800
From: "Steven R. Loomis" <srl@...-project.org>
To: oss-security@...ts.openwall.com
Subject: Re: MITRE is adding data intake to its CVE ID process

On 2/9/17 6:54 AM, Peter Bex wrote:
> In an ideal world, free software project leaders should be
> able to request a CVE ID _before_ announcing a vulnerability to their
> user base.  If there were some way to register people as project leaders,
> the "proof" should not be necessary, they should be able to request a
> CVE ID with authority.
Peter,
 I actually wondered about this very thing, if it was possible to
request an ID before the details were fully available. From your note,
it sounds like this is not the case currently.

Steven



Download attachment "signature.asc" of type "application/pgp-signature" (456 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.