
Re: CVE for hosted services



On Wed, 2017-03-01 at 07:05 +0100, Carsten Eiram wrote:
> On Tue, Feb 28, 2017 at 5:36 PM, Pascal Meunier wrote:
> >
> > Please don't make the CVE into an incident or advisory database just
> > because an ID would be handy.
> >
> ^^ Short, concise, and so incredibly spot on.
>
> As Brian pointed out earlier, create another C*E project if wanting to
> track these kinds of issues in hosted solutions.

Thanks. What made the CVE interesting was the intelligence in identifying and pinpointing root causes. A broad range of issues stemming from the absence of security goals or considerations, as in that product, only needs an advisory. I feel that using a CVE ID for this example would be inappropriate because the CVE was meant to be a finer and more precise tool. This example is akin to a grand collapse from rampant incompetence; there is nothing to analyze in detail and nothing to do but get indignant about it on Facebook.

Pascal

Page last updated or reviewed: March 07, 2017