ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Denis Magda <dma...@apache.org>
Subject Re: Product ID for Apache Ignite
Date Tue, 03 Jan 2017 17:52:18 GMT
Hi Mark,

I reached out both MITRE and cvedetails.com <http://cvedetails.com/> folks as you suggested
earlier. Below you can see the answer from MITRE. CVE guys have not replied yet.

One of the things suggested by MITRE is the following

> One last item to note is that Apache is a CVE CNA. You can find more information about
the CNA program at http://cve.mitre.org/cve/cna.html <http://cve.mitre.org/cve/cna.html>.
We realize that there are many Apache products, but you may want to investigate this and reach
out to the appropriate folks within Apache to not only share the CVE ID pool, but also potentially
communicate when vulnerabilities are found in Apache Ignite.

Do you guys keep in eye on all Apache vulnerabilities or subscribe to the updates? If so,
could you update Apache Ignite community every time an Ignite vulnerability has discovered?

Regards,
Denis

> On Dec 29, 2016, at 10:03 AM, Coffin, Chris <ccoffin@mitre.org> wrote:
> 
> Denis,
>  
> The cvedetails.com <http://cvedetails.com/> web site is not affiliated with MITRE
and you would need to contact them directly if you wanted to see a change in the URL you had
provided. The contact information for cvedetails.com <http://cvedetails.com/> can be
found at http://www.cvedetails.com/about-contact.php <http://www.cvedetails.com/about-contact.php>.
>  
> The MITRE CVE team does not currently provide any notifications for CVEs, but has considered
this in the recent past. One thought was to create a registry of product vendors that is used
for contact purposes when a CVE ID is published and affects the vendor. If this is something
that would be of interest to you, please let us know.
>  
> One last item to note is that Apache is a CVE CNA. You can find more information about
the CNA program at http://cve.mitre.org/cve/cna.html <http://cve.mitre.org/cve/cna.html>.
We realize that there are many Apache products, but you may want to investigate this and reach
out to the appropriate folks within Apache to not only share the CVE ID pool, but also potentially
communicate when vulnerabilities are found in Apache Ignite.
>  
> Regards,
>  
> Chris Coffin
> The CVE Team
>  
> From: Denis Magda [mailto:dmagda@apache.org] 
> Sent: Wednesday, December 28, 2016 3:18 PM
> To: Common Vulnerabilities & Exposures <cve@mitre.org>
> Cc: private@ignite.apache.org
> Subject: Fwd: Product ID for Apache Ignite 
>  
> Dear Sir/Madam,
>  
> I’m writing you on behalf of Apache Ignite [1] community to check if there is a way
to obtain a product ID for our project. The whole purpose of that is to be proactive by handling
vulnerabilities as soon as they appear in the CVE database. 
>  
> For instance, we can use services like that [2] to subscribe for vulnerabilities related
updates. To do that, both vendor ID and product ID have to be known. In our case the vendor
is 45 (Apache Foundation) while there is no product ID for Apache Ignite yet. 
>  
> Could you assist and register product ID for Apache Ignite?
>  
> [1] https://ignite.apache.org <https://ignite.apache.org/>
> [2] http://www.cvedetails.com/product-list/vendor_id-45/Apache.html <http://www.cvedetails.com/product-list/vendor_id-45/Apache.html>
>  
> Regards,
> Denis Magda
> Apache Ignite PMC Chair
> 
> 
> Begin forwarded message:
>  
> From: Mark Thomas <markt@apache.org <mailto:markt@apache.org>>
> Subject: Re: Product ID for Apache Ignite at CVE
> Date: December 12, 2016 at 9:01:58 AM PST
> To: private@ignite.apache.org <mailto:private@ignite.apache.org>
> Cc: security@apache.org <mailto:security@apache.org>
> Reply-To: private@ignite.apache.org <mailto:private@ignite.apache.org>
>  
> On 08/12/2016 01:59, Denis Magda wrote:
> 
> Hello,
> 
> I’m writing on behalf of Apache Ignite [1] community. We would like to
> register Apache Ignite in CVE database so that it appears in the list of
> Apache products [2] already registered there and has its own unique
> product ID.
> 
> Who can assist us with this or provide a guidance?
> 
> Sorry, not a clue.
> 
> I suspect updates are made as new products issue vulnerability
> announcements. cvedetails.com <http://cvedetails.com/> isn't part of Mitre so I
suggest you
> contact cvedetails.com <http://cvedetails.com/> directly with your query.
> 
> Mark
> 
> 
> 
> 
> 
> [1] https://ignite.apache.org <https://ignite.apache.org/>
> [2] http://www.cvedetails.com/product-list/vendor_id-45/Apache.html <http://www.cvedetails.com/product-list/vendor_id-45/Apache.html>
> 
> Regards,
> Denis


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message