[openssl-project] CNA git experiment (just FYI no process changes at the moment)

Mark J Cox mark at awe.com
Tue Jan 23 10:18:33 UTC 2018

Mitre are testing a new way to submit CVE entries to them from CNAs
rather than us using the web form.  Instead you clone their github
repo, edit the json file for the CVE, and submit a PR back to them.
I've got a tool that converts our XML vulndb info into JSON already
and have been cleaning up the XML vulndb entries as well.   I'm going
to be experimenting with this, and have talked to Richard about the
right way to set this up, i.e. unlike our other repos this would be a
github-only repo.

So no changes right now to our current policy on dealing with CVEs and
the release-manager steps are unchanged for now, just don't be
surprised by the new repo in our github org.

