[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bringing other vendors into the CVE process




All:

Dave and I have been tasked to identify and bring in other security
tool vendors into the CVE process as early as possible, to ensure a
fair playing field (this is related to our requirement for vendor
neutrality).  Presently, we've been inviting those security tool
vendors that we've directly met, or through referrals from others.  If
you can think of another vendor that you believe should participate,
please let us know.

While we are still trying to define criteria for inviting a vendor, at
the very least, I believe we will need to include vendors who:
  - provide security tools that identify vulnerabilities directly
    (e.g. scanners) or indirectly (e.g. IDS systems that identify
    attempts to exploit vulnerabilities, but not IDSes that only do
    integrity checking or session recording)
  - are commercial entities
  - have some market presence in the U.S.
  - have tools that could be obtained by the general public

If you have actual points of contact, so much the better.  Below is
the current list.

Thanks,
- Steve



Participating vendors
---------------------
Axent
ISS
NAI
L-3
Netect
Cisco


Invited vendors (no response yet)
---------------------------------
Harris
Security Dynamics


Vendors not yet invited
-----------------------
(For these vendors, we haven't met them or been referred to them, or
they might not fit our definition of "invited vendor.")

NFR
Webtrends
Centrax

 
Page Last Updated: May 22, 2007