再保险:CVE托管服务

通知你,这是要求12月明确政策。斜方的官方回应:从:“埃文斯,Jonathan l .” X-Originating-IP: [192.160.51.89] To: jericho , cve-cna-list  Date: Thu, 15 Dec 2016 14:10:17 +0000 Subject: RE: site-specific vulnerabilities and CVE inclusion > First, can MITRE chime in and verify this is still current policy regarding site-specific issues? It is still against the rules to assign a CVE ID to a site-specific vulnerability. INC3 in the CNA Rules says "Is the vulnerability site-specific?... Yes: Do not assign a CVE ID."[1] We are not opposed to assigning CVE IDs to site-specific vulnerabilities. When we finalized the CNA rules, we believed that we did not understand the use cases for site-specific vulnerabilities well enough to write rules on how to properly count them. We fully expect support for site-specific vulnerabilities to be a major topic of the next revision of the rules. [1]http://cve.mitre.org/cve/cna/CNA_Rules_v1.1.pdf——乔纳森埃文斯铅CVE内容斜方公司分析师结婚,2017年2月15日,安迪Balinsmanbetx客户端首页ky (Balinsky)写道::我有一些内部讨论与我们的事件反应小组(PSIRT)思科,和是否存在的问题提出任何行业最佳实践,或斜方政策对cf托管服务。::主持的情况是软件服务供应商的服务器上所有的供应商。由供应商内部漏洞被发现。它是固定的。客户不需要行动。她刚刚开始使用固定版本下次访问网页。:那么,应该咨询供应商问题呢?和反暴力极端主义应该生成的吗?::在本例中是其他供应商做什么?(也许这个列表不是最好的地方讨论这个)。 : : Andy Balinsky : balinsky@cisco.com<mailto: balinsky@cisco.com>::[cid: 7113 ea8f - 503 - e - 4953 - b0d3 ed49102d51e2@cisco.com)::