Tuesday, April 18, 2017

CVE Announce - April 18, 2017 (opt-in newsletter from the CVE website)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is
designed to bring recent news about CVE, such as new website features, new CNAs, CVE in
the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is
the standard for cybersecurity vulnerability names. The CVE Board provides oversight and
input into CVE's strategic direction, ensuring CVE meets the vulnerability
identification needs of the technology community. CVE Numbering Authorities (CNAs) are
major OS vendors, security researchers, and research organizations that assign CVE
Identifiers (CVE IDs) to newly discovered issues without directly involving MITRE in the
details of the specific vulnerabilities, and include the CVE IDs in the first public
disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the
email newsletter are at the end. Please feel free to pass this newsletter on to
interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/April 18, 2017
-------------------------------------------------------

Contents:

1. Eclipse Foundation Added as CVE Numbering Authority (CNA)
2. "Expanding and Improving" CVE Talk at SOURCE Boston 2017 on April 27
3. Minutes from CVE Board Teleconference Meeting on March 22 Now Available
4. Follow us on LinkedIn and Twitter
5. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

Eclipse Foundation Added as CVE Numbering Authority (CNA)

The Eclipse Foundation is now a CVE Numbering Authority (CNA) for Eclipse IDE and the
Eclipse Foundation's eclipse.org, polarsys.org, and locationtech.org open source
projects only.

CNAs are OS and product vendors, developers, security researchers, and research
organizations that assign CVE IDs to newly discovered issues without directly involving
MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the
first public disclosure of the vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 55 organizations
currently participate as CNAs: Adobe; Apache; Apple; BlackBerry; Brocade; Canonical;
CERT/CC; Check Point; Cisco; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing
Project; Drupal.org; Eclipse Foundation; F5; Flexera Software; Fortinet; FreeBSD;
Google; HackerOne; HP; Hewlett Packard Enterprise; Huawei; IBM; ICS-CERT; Intel; ISC;
JPCERT/CC; Juniper; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus;
Microsoft; MITRE (primary CNA); Mozilla; Netgear; Nvidia; Objective Development;
OpenSSL; Oracle; Puppet; Qihoo 360; Qualcomm; Rapid 7; Red Hat; Siemens; Silicon
Graphics; Symantec; Talos; TIBCO; VMware; and Yandex.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID
on the CVE website at https://cve.mitre.org/cve/request_id.html.

LINKS:

Eclipse Foundation -
https://www.eclipse.org/security

CNAs -
https://cve.mitre.org/cve/cna.html

Request a CVE ID from a CNA -
https://cve.mitre.org/cve/request_id.html

CVE News page article -
https://cve.mitre.org/news/archives/2017/news.html#April142017_Eclipse_Foundation_Added_as_CVE_Numbering_Authority_CNA

---------------------------------------------------------------
"Expanding and Improving" CVE Talk at SOURCE Boston 2017 on April 27

CVE Numbering Authorities Program Lead Dan Adinolfi will give a talk entitled "Expanding
and Improving CVE to Facilitate Vulnerability Disclosure and Management" on April 27,
2017 at SOURCE Boston 2017 in Boston, Massachusetts, USA. The event itself runs April
26-27.

From the event agenda:

"The Common Vulnerabilities and Exposures (CVE) program uniquely identifies and names
publicly-disclosed vulnerabilities in software and other codebases. CVE Numbering
Authorities (CNAs) are an important part of the CVE program and are given the ability to
identify and name CVE IDs in coordination with the MITRE CVE team. Participating as a
CVE CNA allows organizations to have more control over their vulnerability management
and disclosure processes while also ensuring a consistent level of service and a high
quality of content within the CVE list. Becoming a CNA can be beneficial to vendors,
coordination centers, and their customers, and it helps build a community of practice
that continues to help improve the state of vulnerability management across many
sectors. Join Daniel Adinolfi of the CVE program to learn about these benefits and how
to participate. Who should attend: CVE is a core piece of infrastructure that enables
coordinated vulnerability disclosure and management. Developers, vulnerability
researchers, product security incident response team (PSIRT) members, and anyone
involved in vulnerability disclosure, research, or management processes would find value
in attending."

To register for the event, visit
http://www.sourceconference.com/boston-2017-registration.

LINKS:

Expanding and Improving CVE talk description -
https://manage.busyconf.com/events/sourceboston2017/activities/581388353dd949129f00000d

SOURCE Boston 2017 -
http://www.sourceconference.com/boston-2017-main

CVE News page article -
https://cve.mitre.org/news/archives/2017/news.html#April142017_Expanding_and_Improving_CVE_Talk_at_SOURCE_Boston_2017_on_April_27


---------------------------------------------------------------
Minutes from CVE Board Teleconference Meeting on March 22 Now Available

The CVE Board held a teleconference meeting on March 22, 2017. Read the meeting minutes
at https://cve.mitre.org/data/board/archives/2017-04/msg00003.html.

The CVE Board includes numerous cybersecurity-related organizations including commercial
security tool vendors, academia, research institutions, government departments and
agencies, and other prominent security experts, as well as end-users of vulnerability
information. Through open and collaborative discussions, the Board provides critical
input regarding the data sources, product coverage, coverage goals, operating structure,
and strategic direction of the CVE program.

For additional information about the CVE Board, visit
https://cve.mitre.org/community/board/index.html.

LINKS:

CVE Board Current Members -
https://cve.mitre.org/community/board/index.html#current_members

Board Meetings Archive -
https://cve.mitre.org/community/board/archive.html#meeting_summaries

CVE News page article -
https://cve.mitre.org/news/archives/2017/news.html#April062017_Minutes_from_CVE_Board_Teleconference_Meeting_on_March_22_Now_Available


---------------------------------------------------------------
Follow us on LinkedIn and Twitter

Please follow us on Twitter for the latest from CVE:

* Feed of the latest CVE IDs -
https://twitter.com/CVEnew/

* Feed of news and announcements about CVE -
https://twitter.com/CVEannounce/

Please also visit us on LinkedIn to more easily comment on our news articles and CVE
Blog posts:

* CVE-CWE-CAPEC on LinkedIn -
https://www.linkedin.com/company/11033649

* CVE Blog -
https://cve.mitre.org/blog/

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge. The
MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Board and CVE Numbering Authorities on all matters related to
ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".

Copyright 2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications)
at the U.S. Department of Homeland Security (www.dhs.gov).

For more information about CVE, visit the CVE website at https://cve.mitre.org or send
an email to cve@mitre.org.

Wednesday, April 5, 2017

CVE Announce - April 5, 2017 (opt-in newsletter from the CVE website)

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/April 5, 2017
-------------------------------------------------------

Contents:

1. Two Organizations Added as CVE Numbering Authorities (CNAs): Siemens and Qualcomm
2. Minutes from CVE Board Teleconference Meeting on March 8 Now Available
3. Follow us on LinkedIn and Twitter
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

Two Organizations Added as CVE Numbering Authorities (CNAs): Siemens and Qualcomm

Two additional organizations are now CVE Numbering Authorities (CNAs): Siemens AG for
Siemens issues only, and Qualcomm, Inc. for Qualcomm and Snapdragon issues only.

CNAs are OS and product vendors, developers, security researchers, and research
organizations that assign CVE IDs to newly discovered issues without directly involving
MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the
first public disclosure of the vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 54 organizations
currently participate as CNAs: Adobe; Apache; Apple; BlackBerry; Brocade; Canonical;
CERT/CC; Check Point; Cisco; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing
Project; Drupal.org; F5; Flexera Software; Fortinet; FreeBSD; Google; HackerOne; HP;
Hewlett Packard Enterprise; Huawei; IBM; ICS-CERT; Intel; ISC; JPCERT/CC; Juniper;
KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE
(primary CNA); Mozilla; Netgear; Nvidia; Objective Development; OpenSSL; Oracle; Puppet;
Qihoo 360; Qualcomm; Rapid 7; Red Hat; Siemens; Silicon Graphics; Symantec; Talos;
TIBCO; VMware; and Yandex.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID
on the CVE website at https://cve.mitre.org/cve/request_id.html.

LINKS:

Siemens -
https://www.siemens.com/cert

Qualcomm -
https://www.qualcomm.com/

CNAs -
https://cve.mitre.org/cve/cna.html

Request a CVE ID from a CNA -
https://cve.mitre.org/cve/request_id.html

CVE News page articles -
https://cve.mitre.org/news/archives/2017/news.html#April42017_Qualcomm_Added_as_CVE_Numbering_Authority_CNA

https://cve.mitre.org/news/archives/2017/news.html#March232017_Siemens_Added_as_CVE_Numbering_Authority_CNA

---------------------------------------------------------------
Minutes from CVE Board Teleconference Meeting on March 8 Now Available

The CVE Board held a teleconference meeting on March 8, 2017. Read the meeting minutes
at https://cve.mitre.org/data/board/archives/2017-03/msg00032.html.

The CVE Board includes numerous cybersecurity-related organizations including commercial
security tool vendors, academia, research institutions, government departments and
agencies, and other prominent security experts, as well as end-users of vulnerability
information. Through open and collaborative discussions, the Board provides critical
input regarding the data sources, product coverage, coverage goals, operating structure,
and strategic direction of the CVE program.

For additional information about the CVE Board, visit
https://cve.mitre.org/community/board/index.html.

LINKS:

CVE Board Current Members -
https://cve.mitre.org/community/board/index.html#current_members

Board Meetings Archive -
https://cve.mitre.org/community/board/archive.html#meeting_summaries

CVE News page article -
https://cve.mitre.org/news/archives/2017/news.html#March302017_Minutes_from_CVE_Board_Teleconference_Meeting_on_March_8_Now_Available


---------------------------------------------------------------
Follow us on LinkedIn and Twitter

Please follow us on Twitter for the latest from CVE:

* Feed of the latest CVE IDs -
https://twitter.com/CVEnew/

* Feed of news and announcements about CVE -
https://twitter.com/CVEannounce/

Please also visit us on LinkedIn to more easily comment on our news articles and CVE
Blog posts:

* CVE-CWE-CAPEC on LinkedIn -
https://www.linkedin.com/company/11033649

* CVE Blog -
https://cve.mitre.org/blog/

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge. The
MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Board and CVE Numbering Authorities on all matters related to
ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".

Copyright 2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications)
at the U.S. Department of Homeland Security (www.dhs.gov).

For more information about CVE, visit the CVE website at https://cve.mitre.org or send
an email to cve@mitre.org.