* [cip-dev] Common Vulnerabilities and Exposures
@ 2016-11-18 11:43 Agustin Benito Bethencourt
0 siblings, 0 replies; only message in thread
From: Agustin Benito Bethencourt @ 2016-11-18 11:43 UTC (permalink / raw)
To: cip-dev
Hi,
one of the key parts of the maintenance work is to follow the Common
Vulnerabilities and Exposures (CVE)[1] and the fixes that comes out of
them, in this case, to the kernel.
We can check against CVE and commit lists from Debian[2]. Currently
there is no good distribution-neutral tracker for this and MITRE is not
that fast in publishing details of CVEs.
One step that Members can take is to identify the person within their
organizations that deal with low level security issues and put them in
contact with Ben so:
* They can provide input to Ben.
* Ben H. can explain them how a kernel in maintenance work in this regard.
A long term point for CIP Members is to get a CNA ID[3] and act as a CNA
or participate through a liaison if you do not want to dedicate people
to this.
[1] https://cve.mitre.org/about/faqs.html
[2] svn://scm.alioth.debian.org/svn/kernel-sec/
[3] https://cve.mitre.org/cve/cna.html
Best Regards
--
Agustin Benito Bethencourt
Principal Consultant - FOSS at Codethink
agustin.benito at codethink.co.uk
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-11-18 11:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-11-18 11:43 [cip-dev] Common Vulnerabilities and Exposures Agustin Benito Bethencourt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox