Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170522190024.GE12842@openstack.org>
Date: Mon, 22 May 2017 19:00:24 +0000
From: Jeremy Stanley <jeremy@...nstack.org>
To: oss-security@...ts.openwall.com
Subject: Re: How to request a CVE for open source projects

On 2017-05-22 13:05:34 -0500 (-0500), Michael Catanzaro wrote:
[...]
> How are other people getting open source CVEs right now? Has anybody else
> had luck getting a CVE via DWF? Should I be trying to do this through Red
> Hat instead? Or just by filling out MITRE's CVE form even though we're not
> really supposed to be using it?
[...]

OpenStack's been using MITRE's Web form to the best of our
ability[*] and that seems to be working. Though it also has the side
effect that a MITRE representative has reached out to us asking
whether we'd like to become a CNA (our VMT is still trying to decide
if that's worth pursuing).

[*] https://security.openstack.org/vmt-process.html#send-cve-request
-- 
Jeremy Stanley

Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.