Hacker News
by jlgaddis 1990 days ago
> When we or a real security researcher request a CVE for a real problem as an organization, it often takes weeks till we get it; we released some security updates without a CVE because we didn't want to wait so long.

From your point of view, I'm sure that's probably quite frustrating. From my point of view (as a user), that's completely absurd, should never happen, and is a huge deficiency in the CVE program.

Fortunately, it's possible for the OpenWRT project to become a CNA [0] and gain the ability to assign CVE IDs themselves.

See "Types" under "Key to CNA Roles, Types, and Countries" [1]:

> Vendors and Projects - assigns CVE IDs for vulnerabilities found in their own products and projects.

--

[0]: https://cve.mitre.org/cve/cna.html#become_a_cna

[1]: https://cve.mitre.org/cve/request_id.html#key_cna_roles_and_...