[ Date Prev ][ Date Next ][ Thread Prev ][ Thread Next ][ Date Index ][ Thread Index ]

Re: HP's policy on CVE assignments

To : cve-editorial-board-list < cve-editorial-board-list@lists.mitre.org >
Subject : Re: HP's policy on CVE assignments
From : "Adinolfi, Daniel R" < dadinolfi@mitre.org >
Date : Tue, 11 Apr 2017 13:41:32 +0000
Accept-language : en-US
Authentication-results : spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=mitre.org;
Delivery-date : Tue Apr 11 09:51:29 2017
In-reply-to : < alpine.LNX.2.00.1704102158590.19881@forced.attrition.org >
List-help : < mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST >
List-owner : < mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG >
List-subscribe : < mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG >
List-unsubscribe : < mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG >
References : < alpine.LNX.2.00.1704071412390.19881@forced.attrition.org > < alpine.LNX.2.00.1704102158590.19881@forced.attrition.org >
Sender : < owner-cve-editorial-board-list@lists.mitre.org >
Spamdiagnosticmetadata : 6cdb8bfc89744bd8bfee511e3e65aa05
Spamdiagnosticoutput : 1:2
Thread-index : AQHSr9OO3JPdmXr+bUyyw3bViRNyeqG/f6WAgABwTYA=
Thread-topic : HP's policy on CVE assignments
User-agent : Microsoft-MacOutlook/f.20.0.170309

Greetings,

We are contacting HP to discuss their disclosure policy to verify that it is not in conflict with the CNA Rules.

Once we have spoken to HP and have a better understanding of the issues, we will report back to the Board.

Please let us know if there are any other questions or concerns about this issue.

Thanks.

-Dan

_________________________

Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: <dadinolfi@mitre.org> Phone: 781-271-5774

From: <owner-cve-editorial-board-list@lists.mitre.org> on behalf of jericho <jericho@attrition.org>
Date: Monday, April 10, 2017 at 22:59
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Re: HP's policy on CVE assignments

Can MITRE weigh in on this please? Pretty significant stance for a CNA to

take, saying they will selective assign based on how a solution is

delivered. I feel this goes against the spirit and purpose of CVE.

On Fri, 7 Apr 2017, jericho wrote:

: Caught this via Twitter. Thoughts?

: https://twitter.com/tombkeeper/status/850275006256787456

Follow-Ups :
- Re: HP's policy on CVE assignments
  - From: Kurt Seifried <kurt@seifried.org>

References :
- HP's policy on CVE assignments
  - From: jericho <jericho@attrition.org>
- Re: HP's policy on CVE assignments
  - From: jericho <jericho@attrition.org>

Prev by Date: Re: HP's policy on CVE assignments
Next by Date: Re: HP's policy on CVE assignments
Previous by thread: Re: HP's policy on CVE assignments
Next by thread: Re: HP's policy on CVE assignments
Index(es):
- Date
- Thread