Friday, May 5, 2017

CVE Announce - May 5, 2017 (opt-in newsletter from the CVE website)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is
designed to bring recent news about CVE, such as new website features, new CNAs, CVE in
the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is
the standard for cybersecurity vulnerability names. The CVE Board provides oversight and
input into CVE's strategic direction, ensuring CVE meets the vulnerability
identification needs of the technology community. CVE Numbering Authorities (CNAs) are
major OS vendors, security researchers, and research organizations that assign CVE
Identifiers (CVE IDs) to newly discovered issues without directly involving MITRE in the
details of the specific vulnerabilities, and include the CVE IDs in the first public
disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the
email newsletter are at the end. Please feel free to pass this newsletter on to
interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/May 5, 2017
-------------------------------------------------------

Contents:

1. Three Organizations Added as CVE Numbering Authorities (CNAs): Elastic, IOActive, and
Schneider Electric
2. "Expanding and Improving" CVE Talk at Two Events in May
3. Follow us on LinkedIn and Twitter
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

Three Organizations Added as CVE Numbering Authorities (CNAs): Elastic, IOActive, and
Schneider Electric

Three additional organizations are now CVE Numbering Authorities (CNAs): Elastic for its
Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products
only; IOActive for third-party products it researches; and Schneider Electric SE for
Schneider Electric products only.

CNAs are OS and product vendors, developers, security researchers, and research
organizations that assign CVE IDs to newly discovered issues without directly involving
MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the
first public disclosure of the vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 58 organizations
currently participate as CNAs: Adobe; Apache; Apple; BlackBerry; Brocade; Canonical;
CERT/CC; Check Point; Cisco; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing
Project; Drupal.org; Eclipse Foundation; Elastic; F5; Flexera Software; Fortinet;
FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Huawei; IBM; ICS-CERT;
Intel; IOActive; ISC; JPCERT/CC; Juniper; KrCERT/CC; Larry Cashdollar; Lenovo;
MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netgear;
Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; Qualcomm; Rapid 7;
Red Hat; Schneider Electric; Siemens; Silicon Graphics; Symantec; Talos; TIBCO; VMware;
and Yandex.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID
on the CVE website at https://cve.mitre.org/cve/request_id.html.

LINKS:

Elastic -
https://www.elastic.co/

IOActive -
https://ioactive.com/

Schneider Electric -
http://www.schneider-electric.com/

CNAs -
https://cve.mitre.org/cve/cna.html

Request a CVE ID from a CNA -
https://cve.mitre.org/cve/request_id.html

CVE News page articles -
https://cve.mitre.org/news/archives/2017/news.html#May042017_Elastic_Added_as_CVE_Numbering_Authority_CNA
https://cve.mitre.org/news/archives/2017/news.html#April252017_IOActive_Added_as_CVE_Numbering_Authority_CNA
https://cve.mitre.org/news/archives/2017/news.html#April202017_Schneider_Electric_Added_as_CVE_Numbering_Authority_CNA

---------------------------------------------------------------
"Expanding and Improving" CVE Talk at Two Events in May

CVE Numbering Authorities Program Lead Dan Adinolfi will give a talk entitled "Expanding
and Improving CVE to Facilitate Vulnerability Disclosure and Management" at the Task
Force-Computer Security Incident Response Team (TF-CSIRT) Group Annual Meeting on May
15, 2017 in The Hague, Netherlands, and at the European Government CERTs (EGC) Group
Meeting on May 18, 2017 in The Hague, Netherlands.

Talk synopsis: "The Common Vulnerabilities and Exposures (CVE) program uniquely
identifies and names publicly disclosed vulnerabilities in software and other codebases.
CVE Numbering Authorities (CNAs) are an important part of the CVE program and are given
the ability to identify and name CVE IDs in coordination with the MITRE CVE team.
Participating as a CVE CNA allows organizations to have more control over their
vulnerability management and disclosure processes while also ensuring a consistent level
of service and a high quality of content within the CVE list. Becoming a CNA can be
beneficial to vendors, coordination centers, and their customers, and it helps build a
community of practice that continues to help improve the state of vulnerability
management across many sectors."

Visit the CVE Calendar on the CVE website at
https://cve.mitre.org/news/archives/2017/calendar.html for information on this and other
events.

LINKS:

TF-CSIRT Group Annual Meeting -
https://tf-csirt.org/tf-csirt/meetings/51st-meeting/

EGC Group Meeting -
http://www.egc-group.org/index.html

CVE News page articles -
https://cve.mitre.org/news/archives/2017/news.html#may042017_Expanding_and_Improving_CVE_Talk_at_TF_CSIRT_Annual_Group_Meeting_on_May_15
https://cve.mitre.org/news/archives/2017/news.html#may042017_Expanding_and_Improving_CVE_Talk_at_EGC_Group_Meeting_on_May_18


---------------------------------------------------------------
Follow us on LinkedIn and Twitter

Please follow us on Twitter for the latest from CVE:

* Feed of the latest CVE IDs -
https://twitter.com/CVEnew/

* Feed of news and announcements about CVE -
https://twitter.com/CVEannounce/

Please also visit us on LinkedIn to more easily comment on our news articles and CVE
Blog posts:

* CVE-CWE-CAPEC on LinkedIn -
https://www.linkedin.com/company/11033649

* CVE Blog -
https://cve.mitre.org/blog/

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge. The
MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Board and CVE Numbering Authorities on all matters related to
ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".

Copyright 2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications)
at the U.S. Department of Homeland Security (www.dhs.gov).

For more information about CVE, visit the CVE website at https://cve.mitre.org or send
an email to cve@mitre.org.
