Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is
designed to bring recent news about CVE, such as new compatible products, new website
features, CVE in the news, etc. right to your email box. Common Vulnerabilities and
Exposures (CVE) is the standard for cyber security vulnerability names. The CVE Board
provides oversight and input into CVE's strategic direction, ensuring CVE meets the
vulnerability identification needs of the technology community. CVE Numbering
Authorities (CNAs) are major OS vendors, security researchers, and research
organizations that assign CVE Identifiers (CVE IDs) to newly discovered issues without
directly involving MITRE in the details of the specific vulnerabilities, and include the
CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing
(and unsubscribing) to the email newsletter are at the end. Please feel free to pass
this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/November 10, 2016
-------------------------------------------------------
Contents:
1. CVE Launches Community Engagement Blog
2. CVE Adds 13 New CVE Numbering Authorities (CNAs)
3. 2 Products from SAINT Corporation Now Registered as Officially "CVE-Compatible"
4. Also in this Issue
5. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE Launches Community Engagement Blog
The CVE Team has launched a "CVE Blog" to establish a dialogue with CVE users and to get
your input on issues and topics that are important to CVE.
Our first post is: "What's your opinion on how Descriptions are used in CVE IDs?"
Please read the post at
https://cve.mitre.org/blog/index.html#november042016_Whats_your_opinion_on_how_Descripti
ons_are_used_in_CVE IDs?, and let us know what you think.
We very much look forward to hearing from you!
LINKS:
CVE Blog -
https://cve.mitre.org/blog
CVE News page article -
https://cve.mitre.org/news/archives/2016/news.html#november042016_CVE_Launches_Community
_Engagement_Blog
---------------------------------------------------------------
CVE Adds 13 New CVE Numbering Authorities (CNAs)
The following ten software vendors, two vulnerability researchers, and one third-party
coordinator are now CVE Numbering Authorities (CNAs): Brocade Communications Systems,
Inc.; Check Point Software Technologies Ltd.; F5 Networks, Inc.; Fortinet, Inc.; Huawei
Technologies Co., Ltd.; Larry Cashdollar (vulnerability researcher); HackerOne
(third-party coordinator); Lenovo Group Ltd.; MarkLogic Corporation; Nvidia Corporation;
Objective Development Software GmbH; Talos (vulnerability researcher); and Yandex N.V.
CNAs are OS and product vendors, developers, security researchers, and research
organizations that assign CVE IDs to newly discovered issues without directly involving
MITRE in the details of the specific vulnerabilities, and include the CVE ID numbers in
the first public disclosure of the vulnerabilities.
CNAs are the main method for requesting a CVE ID number. The following 40 organizations
currently participate as CNAs: Adobe; Apache; Apple; BlackBerry; Brocade; CERT/CC; Check
Point; Cisco; Debian GNU/Linux; Distributed Weakness Filing Project; EMC; F5; Fortinet;
FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Huawei; IBM; ICS-CERT;
Intel; JPCERT/CC; Juniper; Larry Cashdollar; Lenovo; MarkLogic; Micro Focus; Microsoft;
MITRE (primary CNA); Mozilla; Objective Development; Oracle; Red Hat; Silicon Graphics;
Symantec; Talos; Ubuntu Linux; and Yandex.
For more information about requesting CVE ID numbers from CNAs, visit the CVE Numbering
Authorities page on the CVE website at
https://cve.mitre.org/cve/cna.html#participating_cnas.
LINKS:
Request a CVE ID from a CNA -
https://cve.mitre.org/cve/cna.html#requesting_cve_ids
CVE News page article -
https://cve.mitre.org/news/archives/2016/news.html#november012016_CVE_Adds_13_New_CVE_Nu
mbering_Authorities_CNAs
---------------------------------------------------------------
2 Products from SAINT Corporation Now Registered as Officially "CVE-Compatible"
Two additional cybersecurity product have achieved the final stage of MITRE's formal CVE
Compatibility Process and are now officially "CVE-Compatible." The product is now
eligible to use the CVE-Compatible Product/Service logo, and a completed and reviewed
"CVE Compatibility Requirements Evaluation" questionnaire is posted for the product as
part of the organization's listing on the CVE-Compatible Products and Services page on
the CVE Web site. A total of 150 products to-date have been recognized as officially
compatible.
The following two products are now registered as officially "CVE-Compatible":
* SAINT Corporation
- SAINT Security Suite
- SAINTCloud
Use of the official CVE-Compatible logo will allow system administrators and other
security professionals to look for the logo when adopting vulnerability management
products and services for their enterprises and the compatibility process questionnaire
will help end-users compare how different products and services satisfy the CVE
compatibility requirements, and therefore which specific implementations are best for
their networks and systems.
For additional information and to review all products and services listed, visit the
CVE-Compatible Products and Services section of the CVE website at
https://cve.mitre.org/compatible/index.html.
LINKS:
SAINT Corporation -
http://www.saintcorporation.com/
SAINT Security Suite -
https://cve.mitre.org/compatible/questionnaires/69.html
SAINT Security Suite -
https://cve.mitre.org/compatible/questionnaires/30.html
Process -
https://cve.mitre.org/compatible/process.html
Requirements -
https://cve.mitre.org/compatible/requirements.html
Participating Organizations -
https://cve.mitre.org/compatible/organizations.html
Make a Declaration -
https://cve.mitre.org/compatible/make_a_declaration.html
CVE News page article -
https://cve.mitre.org/news/archives/2016/news.html#november042016_2_Products_from_SAINT_
Corporation_Now_Registered_as_Officially_CVE_Compatible
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* Minutes from CVE Editorial Board Teleconference Meeting on October 19 Now Available
Read these stories and more news at https://cve.mitre.org/news.
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge. The
MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Board and CVE Numbering Authorities on all matters related to
ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".
Copyright 2016, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications)
at the U.S. Department of Homeland Security (www.dhs.gov).
For more information about CVE, visit the CVE website at https://cve.mitre.org or send
an email to cve@mitre.org.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment