[ Date Prev ][ Date Next ][ Thread Prev ][ Thread Next ][ Date Index ][ Thread Index ]

Re: assignments for malware 

On 2018-08-14 17:37, Millar, Thomas wrote:
> Are people going to find out about and fix these issues in their
> environment without a CVE? In other words, will a malware indicator
> do the job? If so, then it doesn’t need to be in scope.

Arguing mostly against myself, a CVE ID may well raise attention, which
is desirable.

The problem is opening the scope of CVE too widely.  Maybe an
"exposure" is that I thought some software was legit, but turns out it
was not?  As opposed to something that is clearly malware from the
start?

We have a lot of malware to assign CVE IDs to.

 - Art
Page Last Updated or Reviewed: August 17, 2018