[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FW: Method to Request CVE IDs from MITRE Changing Soon

Quick question… While I think this is a great step towards better automation, has this new request process been communicated to the CNAs?  I am on the cve-cna-list and I don’t remember seeing this mentioned.  I have been traveling way too much but I do try to keep up…


If I am correct, I’d recommend we not use CVE Announce list for communicating items that, while not directly, have a potential indirect effect on CNAs. I understand this is targeted towards the general community but I would expect we should be letting the front line know so if asked or redirects are needed, they would know the correct way to request a specific CVE directly from MITRE.





Kent Landfield



From: <owner-cve-announce-list@lists.mitre.org> on behalf of "Sain, Joe" <jas@mitre.org>
Date: Tuesday, August 23, 2016 at 5:33 PM
To: cve-announce-list Common Vulnerabilities and Exposures/CVE Annou <cve-announce-list@lists.mitre.org>
Subject: Method to Request CVE IDs from MITRE Changing Soon


Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about Common Vulnerabilities and Exposures (CVE), such as new compatible products, new website features, CVE in the news, etc. right to your email box. CVE is the standard for cyber security vulnerability names. The CVE Board provides oversight and input into CVE’s strategic direction, ensuring CVE meets the vulnerability identification needs of the technology community. CVE Numbering Authorities (CNAs) are major OS vendors, security researchers, and research organizations that assign CVE Identifiers (IDs) to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.


Comments: cve@mitre.org



CVE-Announce e-newsletter/August 23, 2016





1. IMPORTANT NOTICE: Method to Request CVE IDs from MITRE Changing Soon

2. Details/Credits + Subscribing and Unsubscribing





IMPORTANT NOTICE: Method to Request CVE IDs from MITRE Changing Soon


The method to request CVE IDs from MITRE will change on August 29, 2016. Using the new method, CVE ID requestors will complete a “CVE Request” web form when requesting a CVE ID from MITRE. The previous practice of submitting requests via email will be discontinued.


The new web form will make it easier for requestors to know what information to include in their initial request, and will enhance MITRE's ability to respond to those requests in a timely manner. User instructions will be available on the website and on the form itself. Upon completion of the form, the requestor will receive a confirmation message that the request was received and a reference number.


Please send any comments or concerns to cve@mitre.org.




Request a CVE ID -






CVE News page article –




Details/Credits + Subscribing and Unsubscribing


Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge.

The MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of the CVE Program.


To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".


Copyright 2016, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications) at the U.S. Department of Homeland Security (www.dhs.gov).


For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.



Page Last Updated or Reviewed: August 24, 2016