
Re: Updating the Products and Sources Lists



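Hi Mike,

Does this assignment responsibility also extend to Veritas Software?

Thanks.

---
Kent Landfield
+1.817.637.8026

On 1/8/16, 8:56 AM, "Mike Prosser" wrote:

> Symantec is the CNA for Symantec but also works quite closely with
> CERT at times. We occasionally get submitters who have gone directly
> to MITRE for CVEs for their findings. MITRE always redirects them to
> us as the keepers of the Symantec keys...
>
> --
> Mike Prosser
> Symantec Software Security Group
>
> -----Original Message-----
> From: owner-cve-editorial-board-list@lists.mitre.org
> [mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of
> Andy Balinsky
> Sent: Thursday, January 07, 2016 3:57 PM
> To: Landfield, Kent B
> Cc: Evans, Jonathan L.; cve-editorial-board-list
> Subject: Re: Updating the Products and Sources Lists
>
> Cisco is the CNA for all Cisco issues. When we occasionally get a
> request from an outside party to assign one for a third-party product,
> we send them to CERT.
>
> Andy
>
>> On Jan 7, 2016, at 3:37 PM, Landfield, Kent B wrote:
>>
>> So these products/vendors have associated CNAs that should already be
>> covering them and are not MITRE's direct assignment responsibility?
>> Can the list be enriched with that information?
>>
>> If we have CNAs for specific areas/projects, then we need to identify
>> them. I have been under the impression that the Products/Sources lists
>> were directly for MITRE's use.
>>
>> ----
>> Kent Landfield
>> +1.817.637.8026
>>
>> From: <owner-cve-editorial-board-list@lists.mitre.org> on behalf of
>> "Evans, Jonathan L." <jevans@mitre.org>
>> Date: Thursday, January 7, 2016 at 2:00 PM
>> To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
>> Subject: Updating the Products and Sources Lists
>>
>> It has been a few years since the creation of the Products and Sources
>> lists (http://cve.mitre.org/data/board/archives/2012-09/msg00000.html),
>> which MITRE uses to prioritize CVE coverage. Since that time, products
>> have changed names, the importance of products has changed, and
>> sources have come and gone. MITRE is seeking guidance from the
>> Editorial Board on what the updated lists should contain. We have
>> included a new proposed list below to start the discussion.
>>
>> When we went through this process in 2012, MITRE was looking for
>> advice on prioritizing CVE processing, so we focused on the sources we
>> use to create CVEs. This time, we are looking to prioritize both
>> reservation request processing and CVE processing. Since we rarely
>> know the source a requester will use at the time of reservation, but
>> we usually, though not always, know the product, our proposed update
>> primarily consists of new products. The Sources section still needs to
>> be updated, but we believe that focusing on products will yield the
>> most impact for the effort.
>>
>> Along with the expanded product list, we have included a more granular
>> prioritization system. On the current list, the priorities are "Must
>> Have" and everything else. We believe there are products that fall
>> between these priorities, and we feel it would help MITRE and the
>> community at large if we make our prioritization explicit. We have
>> broken down the new list using the following priority tiers:
>>
>> Tier 1: Must Cover - This tier is the same as the current "Must Have"
>> category. Products in this class should be widely used and likely to
>> be targeted by attackers.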
>> Tier 2: Should Cover - Products in this tier should be covered, but
>> full coverage is not required. Products in this tier should have wide
>> distribution.
>> Tier 3: Can Cover - These products are nice to have. Products in this
>> list have a more limited distribution or have some other mitigating
>> factor.
>> Tier 4: May Not Cover - This tier contains products that are not named
>> on the list. These products are given the lowest priority.
>> Tier 5: Must Not Cover - Products that should not be assigned a CVE
>> are included in this tier. We are not proposing any additions to this
>> tier other than site-specific products, which have been long
>> established as outside the scope of CVE.
>>
>> Please note that packaging approaches in Linux distributions still
>> present challenges for prioritization. The definition of coverage for
>> Linux vendors that the Editorial Board previously agreed upon was to
>> publish CVEs for every vulnerability in every package the vendor
>> supports. This means that by covering Debian, we must also cover the
>> vulnerabilities in products like 0ad, a real-time strategy game. We
>> don't think that such products should be given the same kind of
>> attention as products like tar or curl. However, the sheer number of
>> packages Linux vendors support (e.g., according to Wikipedia, Debian
>> has 56,864 packages) makes prioritizing them individually prohibitive,
>> and we don't think it is worth the Board's time. We don't have a good
>> way of prioritizing coverage of Linux packages, so we greatly
>> encourage any suggestions from those who do.
>>
>> As I said earlier in this email, everything mentioned here is simply
>> to start the conversation. MITRE relies on the Board's guidance, and
>> we fully expect there to be many revisions to our proposal.
>>
>> -
>> Jonathan Evans
>> CVE Content Technical Lead
>> The MITRE Corporation
>>
>> ------------------------
>>
>> TIER 1 - MUST COVER
>> Adobe
>> Alcatel-Lucent
>> Apache Software Foundation: Apache HTTP Server
>> Apple
>> CA Technologies
>> Check Point: Security Gateways product line
>> Cisco
>> Citrix
>> EMC
>> F5
>> Fortinet: FortiGate product line
>> F-Secure
>> Google: Google Chrome
>> Hewlett Packard Enterprise
>> HP Inc.
>> IBM
>> Intel: McAfee
>> Internet Systems Consortium (ISC)
>> Juniper
>> kernel.org: Linux kernel
>> Microsoft
>> MIT Kerberos
>> Mozilla
>> MySQL
>> OpenLDAP
>> OpenSSH
>> OpenSSL
>> Oracle
>> PHP
>> Pulse Secure (formerly Juniper Junos)
>> SAP
>> Sendmail
>> Sophos
>> Symantec
>> VMware
>> WebKit
>> WordPress
>> Xen
>>
>> TIER 2 - SHOULD COVER
>> A10 Networks
>> Adtran
>> AMD
>> Android (associated with Google or Open Handset Alliance)
>> Arista Networks
>> Aruba Networks
>> Atlassian
>> Attachmate: Novell
>> Avast
>> Avaya
>> Barracuda Networks
>> Bitdefender
>> Blue Coat
>> Dell: Desktop/Notebook product lines
>> Dell: SonicWALL Network Security product line
>> Drupal
>> ESET
>> Fortinet
>> Fujitsu: Desktop/Notebook product lines
>> Good for Enterprise
>> Grails
>> Groovy
>> Intel
>> Joomla!
>> Kaspersky Lab
>> Lenovo: general-purpose computers, software for general-purpose
>>   operating systems, mobile devices, enterprise storage and networking
>>   products
>> LibreOffice
>> LibreSSL
>> Nvidia
>> OpenStack
>> Opera
>> Palo Alto Networks
>> Panda Security
>> Perl
>> Pivotal
>> Python
>> RealNetworks
>> RIM/BlackBerry
>> Ruby
>> Samba
>> Splunk
>> Tenable Network Security
>> Trend Micro
>> TYPO3
>> Veritas Software
>> WatchGuard
>> Webroot
>> Websense
>>
>> TIER 3 - CAN COVER
>> Agilent
>> AirWatch
>> ARCserve
>> b2evolution
>> BMC
>> Borland
>> Brocade Communications Systems
>> certificate-transparency
>> Cloudera
>> CMS Made Simple
>> CommuniGate Pro
>> Corel
>> CoreMedia CMS
>> Dart
>> Dell: general-purpose computers and tablets, software for
>>   general-purpose operating systems, printers, enterprise storage and
>>   networking products
>> django CMS
>> docSTAR eclipse
>> DokuWiki
>> Dotclear
>> DotCMS
>> DotNetNuke
>> Duo Security
>> Ektron CMS
>> Exponent CMS
>> FirstSpirit
>> Foswiki
>> Foxit
>> FreeSWITCH
>> Geeklog
>> Hitachi Information Technology products
>> HTC
>> Huawei
>> iDirect
>> ikiwiki
>> ImpressPages
>> Invision Power Suite
>> Ipswitch
>> knockoutjs.com Knockout
>> LG: mobile devices
>> Liferay
>> LiteSpeed Web Server
>> LogMeIn
>> Magento
>> MobileIron
>> MODX
>> MoinMoin
>> Motorola Mobility: mobile devices
>> Movable Type
>> Mura CMS
>> MyBB
>> NaviServer
>> NetApp
>> NetBSD
>> Nokia
>> Novius OS
>> OpenBSD
>> OpenText FirstClass
>> OpenXava
>> Open-Xchange
>> PhpWiki
>> PivotX
>> Play Framework
>> Plone
>> Pluck
>> PmWiki
>> polymer-project.org Polymer
>> PowerMTA
>> Resin
>> Samsung: mobile devices
>> SAS
>> Scalix
>> SDL Tridion
>> Serendipity
>> SilverStripe
>> Sitecore Experience Platform
>> SolarWinds
>> Tibco
>> Tiki
>> TrueCrypt
>> TWiki
>> Ubiquiti Networks
>> Umbraco
>> vBulletin
>> VeraCrypt
>> WinZip
>> Workshare
>> XOOPS
>> Zikula
>> Zimbra Collaboration Suite
>>
>> TIER 4 - MAY NOT COVER
>> Any product not specified in any other tier.
>>
>> TIER 5 - MUST NOT COVER
>> Site-specific products, e.g. google.com
>>
>> Unspecified - The vendors in this section support products that have
>> varying degrees of importance.
>> Apache Software Foundation: All
>> Attachmate: SUSE
>> CentOS
>> Debian
>> Fedora
>> FreeBSD
>> Gentoo (Linux)
>> openSUSE
>> Red Hat
>> Ubuntu

Page Last Updated or Reviewed: January 11, 2016