Wednesday, December 21, 2016

CVE Announce - December 21, 2016 (opt-in newsletter from the CVE website)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is
designed to bring recent news about CVE, such as new compatible products, new website
features, CVE in the news, etc. right to your email box. Common Vulnerabilities and
Exposures (CVE) is the standard for cyber security vulnerability names. The CVE Board
provides oversight and input into CVE's strategic direction, ensuring CVE meets the
vulnerability identification needs of the technology community. CVE Numbering
Authorities (CNAs) are major OS vendors, security researchers, and research
organizations that assign CVE Identifiers (CVE IDs) to newly discovered issues without
directly involving MITRE in the details of the specific vulnerabilities, and include the
CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing
(and unsubscribing) to the email newsletter are at the end. Please feel free to pass
this newsletter on to interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/December 21, 2016
-------------------------------------------------------

Contents:

1. OpenSSL Software Foundation Added as CVE Numbering Authority (CNA)
2. New CVE Board Member from JPCERT/CC
3. 1 Product from Cronus Cyber Technologies Now Registered as Officially
"CVE-Compatible"
4. New CVE Blog Post: "What's your opinion on updating CVE ID Descriptions?"
5. Also in this Issue
6. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

OpenSSL Software Foundation Added as CVE Numbering Authority (CNA)

OpenSSL Software Foundation is now a CVE Numbering Authority (CNA). CNAs are OS and
product vendors, developers, security researchers, and research organizations that
assign CVE IDs to newly discovered issues without directly involving MITRE in the
details of the specific vulnerabilities, and include the CVE ID numbers in the first
public disclosure of the vulnerabilities.

CNAs are the main method for requesting a CVE ID number. The following 41 organizations
currently participate as CNAs: Adobe; Apache; Apple; BlackBerry; Brocade; CERT/CC; Check
Point; Cisco; Debian GNU/Linux; Distributed Weakness Filing Project; EMC; F5; Fortinet;
FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Huawei; IBM; ICS-CERT;
Intel; JPCERT/CC; Juniper; Larry Cashdollar; Lenovo; MarkLogic; Micro Focus; Microsoft;
MITRE (primary CNA); Mozilla; Objective Development; OpenSSL; Oracle; Red Hat; Silicon
Graphics; Symantec; Talos; Ubuntu Linux; and Yandex.

For more information about requesting CVE ID numbers from CNAs, visit "Products Covered"
on the CVE website at
https://cve.mitre.org/cve/data_sources_product_coverage.html#products.html.

LINKS:

OpenSSL -
https://www.openssl.org/

CNAs -
https://cve.mitre.org/cve/cna.html

Request a CVE ID from a CNA -
https://cve.mitre.org/cve/data_sources_product_coverage.html#products.html

CVE News page article -
https://cve.mitre.org/news/archives/2016/news.html#december212016_OpenSSL_Software_Foundation_Added_as_CVE_Numbering_Authority_CNA

---------------------------------------------------------------
New CVE Board Member from JPCERT/CC

Takayuki Uchiyama of JPCERT Coordination Center (JPCERT/CC) has joined the CVE Board.

Read the full announcement and welcome message in the CVE Board email discussion list
archive at: https://cve.mitre.org/data/board/archives/2016-12/msg00006.html.

LINKS:

JPCERT/CC -
https://www.jpcert.or.jp/

CVE Board -
https://cve.mitre.org/community/board/index.html

CVE News page article -
https://cve.mitre.org/news/archives/2016/news.html#december152016_New_CVE_Board_Member_from_JPCERT/CC


---------------------------------------------------------------
1 Product from Cronus Cyber Technologies Now Registered as Officially "CVE-Compatible"

One additional cyber security product has achieved the final stage of MITRE's formal CVE
Compatibility Process and is now officially "CVE-Compatible." The product is now
eligible to use the CVE-Compatible Product/Service logo, and a completed and reviewed
"CVE Compatibility Requirements Evaluation" questionnaire is posted for the product as
part of the organization's listing on the CVE-Compatible Products and Services page on
the CVE website. A total of 151 products to date have been recognized as officially
compatible.

* Cronus Cyber Technologies - CyBot Suite

Use of the official CVE-Compatible logo will allow system administrators and other
security professionals to look for the logo when adopting vulnerability management
products and services for their enterprises, and the compatibility process questionnaire
will help end-users compare how different products and services satisfy the CVE
compatibility requirements, and therefore which specific implementations are best for
their networks and systems.

For additional information and to review all products and services listed, visit the
CVE-Compatible Products and Services section of the CVE website at
https://cve.mitre.org/compatible/index.html.

LINKS:

Cronus Cyber Technologies -
http://cronus-cyber.com/

CyBot Suite -
https://cve.mitre.org/compatible/questionnaires/171.html

Process -
https://cve.mitre.org/compatible/process.html

Requirements -
https://cve.mitre.org/compatible/requirements.html

Participating Organizations -
https://cve.mitre.org/compatible/organizations.html

Make a Declaration -
https://cve.mitre.org/compatible/make_a_declaration.html

CVE News page article -
https://cve.mitre.org/news/archives/2016/news.html#december022016_1_Product_from_Cronus_Cyber_Technologies_Now_Registered_as_Officially_CVE_Compatible

---------------------------------------------------------------
New CVE Blog Post: "What's your opinion on updating CVE ID Descriptions?"

Last month, we asked the CVE community how you used CVE ID Descriptions. This month, we
are following up on that question, asking about another aspect of how CVE ID
Descriptions and their content are used.

Specifically, we would like to hear your thoughts on updating CVE ID Descriptions when
new details about the vulnerability become available.

Please read the full post at
https://cve.mitre.org/blog/index.html#december152016_What's_your_opinion_on_updating_CVE_ID_Descriptions?,
and let us know what you think. We very much look forward to hearing from you!

LINK:

CVE Blog post -
https://cve.mitre.org/blog/index.html#december152016_What's_your_opinion_on_updating_CVE_ID_Descriptions?

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* Minutes from CVE Board Teleconference Meeting on November 30 Now Available

Read these stories and more news at https://cve.mitre.org/news.

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge. The
MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Board and CVE Numbering Authorities on all matters related to
ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".

Copyright 2016, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications)
at the U.S. Department of Homeland Security (www.dhs.gov).

For more information about CVE, visit the CVE website at https://cve.mitre.org or send
an email to cve@mitre.org.
