Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is
designed to bring recent news about CVE, such as new compatible products, new website
features, CVE in the news, etc. right to your email box. Common Vulnerabilities and
Exposures (CVE) is the standard for cyber security vulnerability names. The CVE Board
provides oversight and input into CVE's strategic direction, ensuring CVE meets the
vulnerability identification needs of the technology community. CVE Numbering
Authorities (CNAs) are major OS vendors, security researchers, and research
organizations that assign CVE Identifiers (CVE IDs) to newly discovered issues without
directly involving MITRE in the details of the specific vulnerabilities, and include the
CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing
(and unsubscribing) to the email newsletter are at the end. Please feel free to pass
this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/January 20, 2017
-------------------------------------------------------
Contents:
1. TIBCO Software Added as CVE Numbering Authority (CNA)
2. "Researcher Reservation Guidelines" Document Now Available
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
TIBCO Software Added as CVE Numbering Authority (CNA)
TIBCO Software, Inc. is now a CVE Numbering Authority (CNA) for TIBCO, Talarian,
Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft,
and Mashery issues only.
CNAs are OS and product vendors, developers, security researchers, and research
organizations that assign CVE IDs to newly discovered issues without directly involving
MITRE in the details of the specific vulnerabilities, and include the CVE ID numbers in
the first public disclosure of the vulnerabilities.
CNAs are the main method for requesting a CVE ID number. The following 48 organizations
currently participate as CNAs: Adobe; Apache; Apple; BlackBerry; Brocade; CERT/CC; Check
Point; Cisco; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; F5;
Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Huawei; IBM;
ICS-CERT; Intel; ICS-CERT; ISC; JPCERT/CC; Juniper; KrCERT/CC; Larry Cashdollar; Lenovo;
MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Nvidia;
Objective Development; OpenSSL; Oracle; Puppet; Rapid 7; Red Hat; Silicon Graphics;
Symantec; Talos; TIBCO; Ubuntu Linux; VMWare; and Yandex.
For more information about requesting CVE ID numbers from CNAs, visit "Products Covered"
on the CVE website at
https://cve.mitre.org/cve/data_sources_product_coverage.html#products.html.
LINKS:
TIBCO Software -
http://www.tibco.com/
CNAs -
https://cve.mitre.org/cve/cna.html
Request a CVE ID from a CNA -
https://cve.mitre.org/cve/data_sources_product_coverage.html#products.html
CVE News page article -
https://cve.mitre.org/news/archives/2017/news.html#january192017_TIBCO_Software_Added_as
_CVE_Numbering_Authority_CNA
---------------------------------------------------------------
"Researcher Reservation Guidelines" Document Now Available
The "Researcher Reservation Guidelines" document is now available on the CVE website at
https://cve.mitre.org/cve/researcher_reservation_guidelines. This document provides
step-by-step guidelines on how to reserve a CVE ID(s) before publicizing a new
vulnerability so that CVE IDs can be included in the initial public announcement of the
vulnerability and can be used to track vulnerabilities.
LINKS:
Researcher Reservation Guidelines -
https://cve.mitre.org/cve/researcher_reservation_guidelines
CVE News page article -
https://cve.mitre.org/news/archives/2017/news.html#january122017_Researcher_Reservation_
Guidelines_Document_Now_Available
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* CVE Updates Its Definition of "Vulnerability"
* FOCUS ON: The Significance and Meaning of the Year Portion of a CVE Identifier
Read these stories and more news at https://cve.mitre.org/news.
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge. The
MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Board and CVE Numbering Authorities on all matters related to
ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".
Copyright 2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications)
at the U.S. Department of Homeland Security (www.dhs.gov).
For more information about CVE, visit the CVE website at https://cve.mitre.org or send
an email to cve@mitre.org.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment