程序惩罚或撤销CNA状态?

剩下的时间,已经有越来越更好的监控和restict CVE作业的理由。来自研究人员要求他们,和始终不明白CVE或抽象的过程。如果这对你来说还不是很熟悉,你没有密切关注CVE。说,我有单独的对话与CVE不留记录的这个问题,但是感觉是时候正式提出来了。有几个CNAs不断分配id反对现行政策,针对当前记录标准。这是第一次CVE发布,并理所当然地谴责CNA失败的重复。首先,我赞赏CVE发行这个描述。它有助于显示项目的复杂性,并使用第三方转让。第二,这是公众和可见的证据表明,一些必须不能信任去做他们的工作。一次或两次,没有问题。 However, generally speaking I know this is a much bigger problem. There needs to be some set of guidelines that keeps a CNA in check, and ultimately strips them of that duty if they cannot abide by the rules. If such guidelines are not in place from a CVE standpoint, they need to be implemented ASAP. If they exist, they should be shared with the editorial board at the least, if not posted publicly so the industry can better help regulate this. CVE is a government funded project, but done for the community with *significant* buy-in and effort by the community. ====================================================== Name: CVE-2014-3659 Status: Candidate URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=cve - 2014 - 3659最终决定:阶段性裁决:修改:建议:分配:20140514类别:* *拒绝* *不使用此候选人数量。ConsultIDs: cve - 2014 - 7169。理由:这个候选人是一个预订重复的CVE - 2014 - 7169,因为这个ID的CNA并不遵循多个程序的目的是最小化重复CVE作业。注:所有CVE用户