(日期:][下一个日期][线程:][线程下][日期索引][线程索引]
再保险:CVE程序优先级
- 来:“大妈,斯蒂芬·v”<sboyle@mitre.org>,cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
- 主题再保险:CVE项目优先级
- 从莫尼耶:帕斯卡<pmeunier@cerias.purdue.edu>
- 日期:2015年12月22日星期二16:14:40 -0500
- Authentication-Results:防晒系数=没有(发送者的IP 129.83.29.2) smtp.mailfrom = LISTS.MITRE.ORG;mitre.mail.onmicrosoft.com;dkim = (messagenot签署)header.d =没有问题;mitre.mail.onmicrosoft.com;dmarc =没有行动= noneheader.from = cerias.purdue.edu;
- 交货日期:2015年12月22日18:59:49星期二
- 在回复:<CY1PR09MB0873A71369CCDDE1AF00AB26C7E50@CY1PR09MB0873.namprd09.prod.outlook.com>
- 名单有用:<mailto: LISTSERV@LISTS.MITRE.ORG ?身体= % 20 cve-editorial-board-list信息>
- List-Owner:<mailto: CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-Subscribe:<mailto: CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-Unsubscribe:<mailto: CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- 引用:<CY1PR09MB0873A71369CCDDE1AF00AB26C7E50@CY1PR09MB0873.namprd09.prod.outlook.com>
- 发送方:<owner-cve-editorial-board-list@lists.mitre.org>
- SpamDiagnosticMetadata:43 da9c421be74aed97248473db21fd15
- SpamDiagnosticOutput:1:2
- 用户代理:Mozilla / 5.0 (X11;Linux x86_64;房车:31.0)壁虎/ 20100101 Icedove / 31.8.0
在12/22/2015 12:55点,博伊尔,斯蒂芬诉写道:>报道在美国使用的软件和设备的部门。“美国IT领域”是什么?是“美国部门”旨在包括设备使用在家里或与固件开发国外中小企业,尤其是如果它们连接到互联网,还是这只覆盖软件和设备用于美国企业吗?同时,将美国公司使用外国软件在国外做生意时被覆盖;是“用于美国部门”吗?它是谁的责任(或应该是)生成软件和设备标识符“在美国不习惯这部门”,但用的或美国供应链和重要合作伙伴我们一起合作,信任和依靠?因为斜方和其必须承担的责任管理标识符“美国部门”,谁应该负责国际行业吗?我想知道有多少软件和多少设备存在,不会被使用在美国。试图排除”在美国从未使用过“软件和设备真的提供了一个重要的工作负载,值得付出努力的排序和错误的风险?我问,因为它似乎是一个考虑到制造商和软件供应商将尝试目标一切他们在美国市场,由于规模经济。 The criterion "used in the U.S. IT sector" is indistinct, and I doubt its usefulness and practicality. Instead, "products developed by firms or organizations based in the U.S." would be more clearcut, and so would be the responsibility. Coverage would be significantly reduced and more manageable, but consequently it would be narrow to the point of making the CVE less useful. Given the conflicting desire to restrict the workload but usefulness of prompt and broad coverage, perhaps it's time to ask other countries or regions (I mean to include the European Union in this) to be responsible for their share of produced software and to peer with MITRE using "Olympic swim lanes" (eh, Olympic as in "a time for laying aside political and religious differences") that would avoid duplication of effort and redundant identifiers? Besides directly contacting foreign organizations, I would think this is worthy of the United Nations' attention, given its goal of promoting international co-operation, and given the ubiquitous distribution of software. This sounds idealistic but the very idea is important. I believe this needs to be stated and recognized as something desirable, and even needs to be attempted so that perhaps we'll obtain through compromise an intermediate solution that works well enough. Other related "can of worms" thoughts: Can CNAs be foreign nations, or could foreign nations have the power to designate CNAs, or would it be preferable that they have their own identifiers? Would it be useful if they used different letters than 'CVE' but kept the format similar and recognizable (a Universally Unique Vulnerability ID, UUVID)? Can they be trusted enough, and what mechanisms could detect misbehavior, and then work around it or even repair it? Pascal
- 跟进:
- 再保险:CVE程序优先级
- 来自:“大妈,斯蒂芬·v .”
- 来自:“大妈,斯蒂芬·v .”
- 再保险:CVE程序优先级
- 引用:
- CVE项目优先级
- 来自:“大妈,斯蒂芬·v .”
- 来自:“大妈,斯蒂芬·v .”
- CVE项目优先级
- 上一页的日期:再保险:CVE程序优先级
- 下一个按日期:再保险:CVE程序优先级
- Prev线程:再保险:CVE程序优先级
- 下一个线程:再保险:CVE程序优先级
- 指数(es):
