Shostack + Friends Blog Archive


CVE Content Decisions

The fine folks at MITRE have published “CVE Abstraction Content Decisions: Rationale and Application:”

This document is intended for use by Candidate Numbering Authorities (CNAs)and may be of interest to vulnerability researchers, maintainers of vulnerability databases and other CVE-compatible products and services, and technical consumers of vulnerability information on a large scale.

Via OSVDB Blog, because somehow someone (pictured) didn’t tell the editorial board.