[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New CNAs

Just to confirm the Apache foundation will be a "Traditional" CNA, e.g. under MITRE directly, not under the DWF (in other words I want to confirm that they get their CVE blocks from MITRE)? Thanks.

On Wed, Aug 17, 2016 at 1:54 PM, Adinolfi, Daniel R <dadinolfi@mitre.org> wrote:



As you probably remember, Intel expressed an interest in becoming a CNA, and they have since been working through the on-boarding process. We are pleased to announce the Intel team is ready to assign CVE IDs, and we are adding them to the CNA list COB Friday. This CNA will cover Intel and McAfee products.


The Apache Software Foundation has been involved with CVE assignment through Red Hat and through a long history of vulnerability management. We are also adding them to the CNA list COB Friday. This CNA will cover all software developed under the Apache Software Foundation.


Both teams have shown that they understand the assignment process and know what content needs to be provided for creating useful descriptions.


Please let us know if you have any questions.




Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: <dadinolfi@mitre.org>  Phone: 781-271-5774






Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: August 22, 2016