CVE Announce - March 23, 2016 (opt-in newsletter from the CVE Web site)
Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is
designed to bring recent news about CVE, such as new compatible products, new website
features, CVE in the news, etc. right to your email box. Common Vulnerabilities and
Exposures (CVE) is the standard for cyber security vulnerability names. CVE content is
approved by the CVE Editorial Board, which is comprised of leading representatives from
the information security community. CVE Numbering Authorities (CNAs) are major OS
vendors, security researchers, and research organizations that assign CVE Identifiers to
newly discovered issues without directly involving MITRE in the details of the specific
vulnerabilities, and include the CVE Identifiers in the first public disclosure of the
vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are
at the end. Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/March 23, 2016
-------------------------------------------------------
Contents:
1. Status Update from the CVE Project
2. FOCUS ON: CVE Numbering Authorities (CNAs)
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
Status Update from the CVE Project
The recent explosion of Internet-enabled devices - known as the Internet of Things - as
well as the propagation of software-based functionality in systems has led to a huge
increase in the number of CVE requests we have been receiving on a daily basis. We did
not anticipate this rate of growth, and, as a result, were not as prepared for the
latest surge in requests over the past 12 months as we had hoped. The result has been
some of the delay in CVE assignments that the software security community has recently
witnessed.
We recognize the inconvenience that has resulted, and are working hard to come up with a
solution.
Last week, we proposed a possible option to our CVE Editorial Board, but some members
raised concerns about the approach, and we have withdrawn it from consideration. We are
working diligently to come up with a solution that will meet the needs of all the
various use cases of CVE.
Updates as they become available will be posted to https://cve.mitre.org/.
LINKS:
CVE List -
https://cve.mitre.org/cve/
CVE Editorial Board -
https://cve.mitre.org/community/board/
Questions -
cve@mitre.org
---------------------------------------------------------------
FOCUS ON: CVE Numbering Authorities (CNAs)
CVE Numbering Authorities, or CNAs, are the main method for requesting a CVE-ID number.
CNAs are major OS vendors, security researchers, and research organizations that assign
CVE-IDs to newly discovered issues without directly involving MITRE in the details of
the specific vulnerabilities, and include the CVE-ID numbers in the first public
disclosure of the vulnerabilities.
The following organizations currently participate as CNAs:
* Adobe (Adobe issues only)
* Apple (Apple issues only)
* Attachmate (Attachmate/Novell/SUSE/NetIQ issues only)
* BlackBerry (BlackBerry issues only)
* CERT/CC
* Cisco Systems, Inc. (Cisco issues only)
* Debian GNU/Linux (Linux issues only)
* EMC (EMC issues only)
* FreeBSD (primarily FreeBSD issues only)
* Google (Chrome, Chrome OS, and Android Open Source Project issues only)
* HP (HP issues only)
* IBM Corporation (IBM issues only)
* ICS-CERT
* JPCERT/CC
* Microsoft (Microsoft issues only)
* MITRE (primary CNA)
* Mozilla (Mozilla issues only)
* Oracle (Oracle issues only)
* Red Hat (Linux issues only)
* Silicon Graphics (SGI issues only)
* Symantec (Symantec issues only)
* Ubuntu Linux (Linux issues only)
A message about turnaround times for requesting CVE-ID numbers from MITRE is included
above as the Feature Story of this newsletter. For more information about requesting
CVE-ID numbers from CNAs, visit the CVE Numbering Authorities page on the CVE website at
https://cve.mitre.org/cve/cna.html.
LINKS:
CNAs -
https://cve.mitre.org/cve/cna.html
CVE-ID numbers -
https://cve.mitre.org/cve/identifiers/index.html#defined
CVE List -
https://cve.mitre.org/cve/
Questions -
cve@mitre.org
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* CVE Mentioned in Article about Three Critical Vulnerabilities in Symantec Endpoint
Protection on InfoWorld
* CVE Mentioned in Article about a Linux Kernel Vulnerability in Android on eWeek
Read these stories and more news at https://cve.mitre.org/news.
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Cyber Security Technical Center. Writer: Bob Roberge. The
MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Editorial Board and CVE Numbering Authorities on all matters related
to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".
Copyright 2016, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications)
at the U.S. Department of Homeland Security (www.dhs.gov).
For more information about CVE, visit the CVE website at https://cve.mitre.org or send
an email to cve@mitre.org.
