Shostack + Friends Blog Archive

 

CVE Content Decisions

steve-christey.jpg
The fine folks at MITRE have published “CVE Abstraction Content Decisions: Rationale and Application:”

This document is intended for use by Candidate Numbering Authorities (CNAs)and may be of interest to vulnerability researchers, maintainers of vulnerability databases and other CVE-compatible products and services, and technical consumers of vulnerability information on a large scale.

Via OSVDB Blog, because somehow someone (pictured) didn’t tell the editorial board.