Tuesday, November 14, 2017

CVE Announce - November 14, 2017 (opt-in newsletter from the CVE website)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about CVE, such as new website features, new CNAs, CVE in the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is the standard for cybersecurity vulnerability names. The CVE Board provides oversight and input into CVE's strategic direction, ensuring CVE meets the vulnerability identification needs of the technology community. CVE Numbering Authorities (CNAs) are vendors and projects, vulnerability researchers, national and industry CERTs, and bug bounty programs that assign CVE Identifiers (CVE IDs) to newly discovered issues, and include the CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.

 

Comments: cve@mitre.org

 

-------------------------------------------------------

CVE-Announce e-newsletter/November 14, 2017

-------------------------------------------------------

 

Contents:

 

1. CVE Adds 2 New CVE Numbering Authorities: Booz Allen Hamilton and SAP

2. Minutes from CVE Board Teleconference Meeting on November 1 Now Available

3. Follow us on LinkedIn and Twitter

4. Details/Credits + Subscribing and Unsubscribing

 

 

FEATURE STORY:

 

CVE Adds 2 New CVE Numbering Authorities: Booz Allen Hamilton and SAP

 

The following two organizations are now CVE Numbering Authorities (CNAs): SAP SE for all SAP products, and Booz Allen Hamilton, Inc. for all Booz Allen Hamilton products as well as vulnerabilities in third-party software discovered by Booz Allen Hamilton that are not covered by another CNA.

 

CNAs are organizations from around the world that are authorized to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

 

CNAs are the main method for requesting a CVE ID. The following 81 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Apache; Apple; ASUSTOR; Atlassian; Autodesk; BlackBerry; Booz Allen Hamilton; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Flexera Software; Forcepoint; Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; NetApp; Netflix; Netgear; Node.js; Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; SAP; Schneider Electric; Siemens; Silicon Graphics; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

 

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID on the CVE website at https://cve.mitre.org/cve/request_id.html.

 

LINKS:

 

SAP -

https://www.sap.com/

 

Booz Allen Hamilton -

https://www.boozallen.com/

 

CNAs -

https://cve.mitre.org/cve/cna.html

 

Request a CVE ID from a CNA -

https://cve.mitre.org/cve/request_id.html

 

Become a CNA -

https://cve.mitre.org/cve/cna.html#become_a_cna

 

CVE News page articles -

https://cve.mitre.org/news/archives/2017/news.html#November092017_SAP_Added_as_CVE_Numbering_Authority_CNA

https://cve.mitre.org/news/archives/2017/news.html#November072017_Booz_Allen_Hamilton_Added_as_CVE_Numbering_Authority_CNA

 

---------------------------------------------------------------

Minutes from CVE Board Teleconference Meeting on November 1 Now Available

 

The CVE Board held a teleconference meeting on November 1, 2017. Read the meeting minutes at https://cve.mitre.org/data/board/archives/2017-11/msg00025.html.

 

The CVE Board includes numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information. Through open and collaborative discussions, the Board provides critical input regarding the data sources, product coverage, coverage goals, operating structure, and strategic direction of the CVE program. All Board Meetings and Board Email List Discussions are archived for the community.

 

LINKS:

 

CVE Board -

https://cve.mitre.org/community/board/index.html

 

Board Archives -

https://cve.mitre.org/community/board/archive.html#meeting_summaries

https://cve.mitre.org/community/board/archive.html#board_mail_list_archive

 

CVE News page article -

https://cve.mitre.org/news/archives/2017/news.html#November132017_Minutes_from_CVE_Board_Teleconference_Meeting_on_November_1_Now_Available

 

---------------------------------------------------------------

Follow us on LinkedIn and Twitter

 

Please follow us on Twitter for the latest from CVE:

 

* Feed of the latest CVE Entries -

https://twitter.com/CVEnew/

 

* Feed of news and announcements about CVE -

https://twitter.com/CVEannounce/

 

Please also visit us on LinkedIn to more easily comment on our news articles and CVE Blog posts:

 

* CVE-CWE-CAPEC on LinkedIn -

https://www.linkedin.com/company/11033649

 

* CVE Blog -

https://cve.mitre.org/blog/

 

---------------------------------------------------------------

Details/Credits + Subscribing and Unsubscribing

 

To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

 

CVE is sponsored by US-CERT (https://www.us-cert.gov/) in the office of Cybersecurity and Communications (https://www.dhs.gov/office-cybersecurity-and-communications/) at the U.S. Department of Homeland Security (https://www.dhs.gov/).

 

Copyright 2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. MITRE (https://www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.

 

For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.

 

Wednesday, November 1, 2017

CVE Announce - November 1, 2017 (opt-in newsletter from the CVE website)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about CVE, such as new website features, new CNAs, CVE in the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is the standard for cybersecurity vulnerability names. The CVE Board provides oversight and input into CVE's strategic direction, ensuring CVE meets the vulnerability identification needs of the technology community. CVE Numbering Authorities (CNAs) are vendors, security researchers, and research organizations that assign CVE Identifiers (CVE IDs) to newly discovered issues, and include the CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.

 

Comments: cve@mitre.org

 

-------------------------------------------------------

CVE-Announce e-newsletter/November 1, 2017

-------------------------------------------------------

 

Contents:

 

1. Node.js Added as CVE Numbering Authority (CNA)

2. Minutes from CVE Board Teleconference Meeting on October 18 Now Available

3. Follow us on LinkedIn and Twitter

4. Details/Credits + Subscribing and Unsubscribing

 

 

FEATURE STORY:

 

Node.js Added as CVE Numbering Authority (CNA)

 

Node.js is now a CVE Numbering Authority (CNA) for all actively developed versions of software developed under the Node.js project on https://github.com/nodejs.

 

CNAs are organizations from around the world that are authorized to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

 

CNAs are the main method for requesting a CVE ID. The following 79 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Apache; Apple; ASUSTOR; Atlassian; Autodesk; BlackBerry; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Flexera Software; Forcepoint; Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; NetApp; Netflix; Netgear; Node.js; Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; Schneider Electric; Siemens; Silicon Graphics; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

 

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID on the CVE website at https://cve.mitre.org/cve/request_id.html.

 

LINKS:

 

Node.js -

https://nodejs.org/en/security/

 

CNAs -

https://cve.mitre.org/cve/cna.html

 

Request a CVE ID from a CNA -

https://cve.mitre.org/cve/request_id.html

 

Become a CNA -

https://cve.mitre.org/cve/cna.html#become_a_cna

 

CVE News page article -

https://cve.mitre.org/news/archives/2017/news.html#October252017_Node.js_Added_as_CVE_Numbering_Authority_CNA

 

---------------------------------------------------------------

Minutes from CVE Board Teleconference Meeting on October 18 Now Available

 

The CVE Board held a teleconference meeting on October 18, 2017. Read the meeting minutes at https://cve.mitre.org/data/board/archives/2017-10/msg00062.html.

 

The CVE Board includes numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information. Through open and collaborative discussions, the Board provides critical input regarding the data sources, product coverage, coverage goals, operating structure, and strategic direction of the CVE program. All Board Meetings and Board Email List Discussions are archived for the community.

 

LINKS:

 

CVE Board -

https://cve.mitre.org/community/board/index.html

 

Board Archives -

https://cve.mitre.org/community/board/archive.html#meeting_summaries

https://cve.mitre.org/community/board/archive.html#board_mail_list_archive

 

CVE News page article -

https://cve.mitre.org/news/archives/2017/news.html#October262017_Minutes_from_CVE_Board_Teleconference_Meeting_on_October_18_Now_Available

 
