
Re: Very Important Message for the Editorial Board



I agree with Kurt here. 100%. This breaks just about everything. When I have mentioned federated CVE support I was imagining the Board, I and others that have operational responsibility for using and distributing CVEs would have some say in what it looked like. I fully understand you are under pressure but this is not the right way to do this. I really would have liked this to be one of the topics we discussed at the CVE Improvement Summit instead of having this hoisted on us this way. It would be in the best interest to hold off in my mind since these IDs have NO usefulness in product and this will totally confuse the market, researchers and those with operational needs for a consistent CVE. This really needs to be discussed before you make the problem worse…

---
Kent Landfield
+1.817.637.8026

From: <owner-cve-editorial-board-list@lists.mitre.org> on behalf of Kurt Seifried <kseifried@redhat.com>
Date: Thursday, March 17, 2016 at 4:26 PM
To: "Sain, Joe" <jas@mitre.org>
Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Re: Very Important Message for the Editorial Board

> is a new, carefully designed, rapid-response federated ID scheme, so as not to break existing processes and their attendant use cases, and to allow future compatibility with existing CVE identifiers. Federated CVE identifiers will allow rapid experimentation with new types of tasks and use cases, so that CVE, the CVE Editorial Board, and the community can work together to determine what best meets the community's needs.

Who will be issuing these? Have any been assigned/announced?

> The federated ID syntax will be CVE-CCIII-YYYY-NNNN…N, with "CCC" encoding the issuing authority's

Oh dear. So this breaks every CVE tool/piece of software that currently exists. Before the entire industry collectively puts in hundreds of thousands of hours of work and spends a lot of money to support this, is there any guarantee that this is a long-term project? There is no mention of how this pilot project will evolve or how long it will run. Can you provide specific details?

> country and "III" encoding the issuing authority. At its launch, MITRE will be the only issuing authority, but we expect to quickly add others to address the needs of the research and discloser communities, as well as the cybersecurity community as a whole. This new federated ID system will significantly enhance the early stage vulnerability mitigation coordination, and reduce the time lapse between request and issuance. MITRE is continuing to refine CVE operational capabilities so that automated vulnerability identification, description, and processing are incorporated over time.
>
> As both the Federated Pilot and the next phase of CVE operational capabilities are scaled and automated, traditional CVEs can be merged with federated CVEs.

Are there any specific goals/timeframes here? We're still waiting for an ETA on a possible solution for the robots.txt on the CVE web site (http://cve.mitre.org/robots.txt) blocking all indexing of CVE content on the web site.

> The CVE Team looks forward to working with CVE Editorial Board members and the broader community to rapidly expand CVE coverage and implement the federated CVE identification plan, so that CVE capabilities grow along with the increasing need for well-recognized vulnerability identifiers.

I am a bit worried since, as far as I know, the Board was never consulted on this (there were no emails, and it was not mentioned on the calls I was on). Can anyone on the Board confirm that they suggested/supported this strategy of MITRE's?

---
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: March 21, 2016