Sunday, November 8, 2015

CVE Announce - November 9, 2015 (opt-in newsletter from the CVE Web site)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about CVE, such as new compatible products, new website features, CVE in the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is the standard for cyber security vulnerability names. CVE content is approved by the CVE Editorial Board, which is comprised of leading representatives from the information security community. CVE Numbering Authorities (CNAs) are major OS vendors, security researchers, and research organizations that assign CVE Identifiers to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE Identifiers in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.

 

Comments: cve@mitre.org

 

-------------------------------------------------------

CVE-Announce e-newsletter/November 9, 2015

-------------------------------------------------------

 

Contents:

 

1. CVE Included in Cisco's Recently Updated Vulnerability Disclosure Process

2. New CVE Editorial Board Member for Red Hat

3. Also in this Issue

4. Details/Credits + Subscribing and Unsubscribing

 

 

FEATURE STORY:

 

CVE Included in Cisco's Recently Updated Vulnerability Disclosure Process

 

CVE is included in Cisco Systems, Inc.'s refined security disclosure process, as described in an October 5, 2015 blog post entitled "Streamlining the Response to Security Vulnerabilities" on its security blog. CVE is mentioned as benefit 4 of 5 as what's new in the process, as follows: "Every vulnerability assigned a Common Vulnerability and Exposures (CVE). Aids in identification and search."

 

Release of the updated policy also resulted in CVE being cited in numerous major news media references and posts, including the following examples:

 

* http://www.eweek.com/security/cisco-redefines-how-it-manages-communicates-security-issues.html

* http://www.theregister.co.uk/2015/10/06/cisco_reforms_its_security_disclosure_process/

* http://www.scmagazineuk.com/cisco-develops-new-and-improved-security-disclosure-process/article/443429/

* http://www.programmableweb.com/news/%E2%80%8Bcisco-to-use-api-to-distribute-detailed-security-vulnerability-advisories/2015/10/08

* http://blogs.cisco.com/security/psirt-u

* http://dutchitchannel.nl/537988/cisco-vernieuwt-beleid-rond-vulnerabilities-in-producten.html

 

Cisco is a CVE Numbering Authority (CNA), assigning CVE-IDs for Cisco issues. CNAs are major OS vendors, security researchers, and research organizations that assign CVE-IDs newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE-ID numbers in the first public disclosure of the vulnerabilities.

 

LINKS:

 

Cisco announcement –

http://blogs.cisco.com/security/streamlining-the-response-to-security-vulnerabilities

 

CVE Numbering Authorities -

https://cve.mitre.org/cve/cna.html

 

News page article -

https://cve.mitre.org/news/index.html#october132015_CVE_Included_in_Ciscos_Recently_Updated_Vulnerability_Disclosure_Process

 

---------------------------------------------------------------

New CVE Editorial Board Member for Red Hat

 

Kurt Seifried of Red Hat, Inc. has joined the CVE Editorial Board. Mark Cox of Red Hat also remains as a Board member.

 

Read the full announcement and welcome message in the CVE Editorial Board email discussion list archive at:

http://common-vulnerabilities-and-exposures-cve-editorial-board.1128451.n5.nabble.com/Please-welcome-Kurt-Seifried-to-the-CVE-Editorial-Board-td18.html.

 

LINKS:

 

CVE Editorial Board –

https://cve.mitre.org/community/board/index.html

 

Red Hat -

http://www.redhat.com/

 

News page article -

https://cve.mitre.org/news/index.html#november32015_New_CVE_Editorial_Board_Member_for_Red_Hat

 

---------------------------------------------------------------

ALSO IN THIS ISSUE:

 

* CVE Mentioned in Article about Joomla Vulnerabilities Affecting Millions of Websites on Ars Technica

 

* CVE Identifier "CVE-2015-7645" Cited in Numerous Security Advisories and News Media References about a Zero-Day Adobe Flash Vulnerability

 

* Two CVE Identifiers Cited in Numerous Security Advisories and News Media References about the Android "Stagefright 2.0" Vulnerability

 

Read these stories and more news at https://cve.mitre.org/news.

 

---------------------------------------------------------------

Details/Credits + Subscribing and Unsubscribing

 

Managing Editor: Steve Boyle, Cyber Security Technical Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Editorial Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.

 

To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

 

Copyright 2015, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications) at the U.S. Department of Homeland Security (www.dhs.gov).

 

For more information about CVE, visit the CVE Web site at https://cve.mitre.org or send an email to cve@mitre.org.

 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)