Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding

The Energy and Commerce Committee sent letters to MITRE and the Department of Homeland Security. They recommend some needed changes to the troubled CVE program. MITRE created the CVE database in 1999 as a means of standardizing the naming convention of disclosed vulnerabilities. Researchers were frustrated by the program, due to the fact it could take several weeks or months to get a CVE assigned. Some vulnerabilities were rejected outright, as they were viewed as being out of scope. Committee members suggested that this process be changed, urging DHS to transition the CVE program from a contract-based funding model to a PPA.”]

Source: https://www.csoonline.com/article/3300753/congress-pushes-mitre-to-fix-cve-program-suggests-regular-reviews-and-stable-funding.html

Something Fresh

Zip Codes & PII: Are They Personal Data?

ZeroNet: 51% Attack Risks & Mitigation

Zero Knowledge Voting with Trusted Server

What People Reading

YubiKey Security: Initial Setup with Yubi Cloud

Zero-Day Vulnerabilities: User Defence Guide

Feedback and data-driven updates to Googles disclosure policy

ZAP: Brute Force Passwords

Security Insider Interview Series: John McArthur, Senior Product Manager, IP Intelligence; and Rupert Young, Senior Director Software Engineering, Data Compilation and Identity, Neustar

Categories

Partners

Just add here your partners image or promo text