Monday, February 18, 2013

CVE Announce - February 18, 2013 (opt-in newsletter from the CVE Web site)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email
newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc. right to your email box.
Common Vulnerabilities and Exposures (CVE) is the standard for information
security vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/February 18, 2013
-------------------------------------------------------

Contents:

1. Feature Story
2. Hot Topic
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

MITRE to Host CVE Booth at "RSA Conference 2013," February 21-March 1, 2013

MITRE is scheduled to host a booth about "Strengthening Cyber Defense" that
includes CVE at "RSA Conference 2013" at the Moscone Center in San
Francisco, California, USA, on February 21-March 1, 2013. Attendees will
learn how information security data standards facilitate both effective
security process coordination and the use of automation to assess, manage,
and improve the security posture of enterprise security information
infrastructures.

Members of the CVE Team will be in attendance. Please stop by Booth 2617 and
say hello!

Visit the CVE Calendar for information on this and other events.

LINKS:

RSA 2013 - http://www.rsaconference.com/events/2013/usa/

Strengthening Cyber Defense - http://www.mitre.org/work/cybersecurity/

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
HOT TOPIC:

Call for Public Feedback on Upcoming CVE ID Syntax Change

Due to the increasing volume of public vulnerability reports, the Common
Vulnerabilities and Exposures (CVE) project will change the syntax of its
standard vulnerability identifiers so that CVE can track more than 10,000
vulnerabilities in a single year. The current syntax, CVE-YYYY-NNNN, only
supports a maximum of 9,999 unique identifiers per year.

Since a change in the ID syntax will affect many parties including end users
and vendors, the CVE project is soliciting feedback from the public before
making this change.

The public feedback period will continue through the "RSA Conference 2013,"
being held February 25 - March 1, 2013, where attendees will be able to
speak with CVE personnel from MITRE and members of the CVE Editorial Board.
After a formal Editorial Board vote, the final selection will be made and
the public will be notified, currently planned for March 2013.

The syntax change is scheduled to go into effect on January 1, 2014, so that
users will have enough time to change their processes and software to handle
the new ID syntax.

With guidance from the CVE Editorial Board, we have identified three options
for a new ID syntax, summarized as follows:

Option A (Year + 6 digits, with leading 0's)
* Examples: CVE-2014-000001, CVE-2014-009999, CVE-2014-123456

Option B (Year + arbitrary digits, no leading 0's except IDs 1 to 999)
* Examples: CVE-2014-0001, CVE-2014-54321, CVE-2014-123456

Option C (Year + arbitrary digits + check digit)
* Examples: CVE-2014-1-8, CVE-2014-9999-3, CVE-2014-123456-5

One of these options will be selected as the new syntax for CVE Identifiers.
More details are available here:
http://cve.mitre.org/data/board/archives/2013-01/msg00011.html.
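
The effect of the three options on software that parses CVE IDs, as an added example (not part of the newsletter and not MITRE code). The patterns are assumptions inferred only from the example IDs above; the Option C check-digit algorithm is not given here, so only its shape is matched, not its value.

```python
import re

# Pre-2014 syntax as tools commonly hardcode it: exactly four sequence digits.
LEGACY = re.compile(r"CVE-(\d{4})-(\d{4})")

# Shapes inferred from the announcement's examples (assumptions, not a spec).
SYNTAXES = {
    "legacy": re.compile(r"CVE-\d{4}-\d{4}"),
    "A": re.compile(r"CVE-\d{4}-\d{6}"),                  # fixed 6 digits, zero-padded
    "B": re.compile(r"CVE-\d{4}-(?:\d{4}|[1-9]\d{4,})"),  # 4 digits, or longer unpadded
    "C": re.compile(r"CVE-\d{4}-[1-9]\d*-\d"),            # unpadded + 1 check digit (shape only)
}


def classify(cve_id):
    """Return the name of every syntax the whole string conforms to."""
    return [name for name, rx in SYNTAXES.items() if rx.fullmatch(cve_id)]


def legacy_extract(text):
    """Unanchored legacy matching, as an un-updated scanner or log parser would do."""
    return [m.group(0) for m in LEGACY.finditer(text)]


def tolerant_extract(text):
    """Extract IDs with four or more sequence digits (covers legacy, A and B).

    Option C IDs would need their own pattern: this one stops at the
    hyphen before the check digit.
    """
    return re.findall(r"\bCVE-\d{4}-\d{4,}\b", text)


# Constructed sample text built from the example IDs in the announcement.
SAMPLE = "Fixed CVE-2014-0001, CVE-2014-54321 and CVE-2014-123456 in this release."

if __name__ == "__main__":
    for cid in ("CVE-2014-0001", "CVE-2014-009999", "CVE-2014-54321",
                "CVE-2014-123456", "CVE-2014-9999-3"):
        print(cid, classify(cid))
    # The legacy pattern silently truncates long IDs into different, valid-looking IDs.
    print("legacy  :", legacy_extract(SAMPLE))
    print("tolerant:", tolerant_extract(SAMPLE))
```

The legacy extractor does not fail on the longer IDs; it returns shortened IDs that look valid, which is the failure mode to test for in scanners, ticketing integrations and database columns sized for 13 characters.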

If you wish to comment on any of these options, you can:

* Email your comment to cve-id-change@mitre.org, which is monitored by
MITRE's CVE Team members.
* Post to a new, public discussion list that is focused on the CVE ID
change. To subscribe, send an email to listserv@lists.mitre.org. In the body
of the email, type: subscribe CVE-ID-SYNTAX-DISCUSS-LIST
* Reply on any of the public mailing lists to which this announcement has
been posted (e.g., Bugtraq mailing list, oss-security mailing list,
CVE-Announce, etc.).

Due to the high volume of replies that we expect to receive, we will not be
able to respond to every email message; however, we will publish a summary
of responses.

LINKS:

Standard vulnerability identifiers - http://cve.mitre.org/cve/identifiers/

CVE Editorial Board - http://cve.mitre.org/community/board/#current_members

CVE-ID Syntax Change details -
http://cve.mitre.org/data/board/archives/2013-01/msg00011.html

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* CVE Editorial Board Holds Teleconference Meeting

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

Copyright 2013, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.
