Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

MITRE Puts Rapid CVE Assignment Pilot on Hold

In response to criticism from the CVE Editorial Board, the MITRE Corporation has decided to put a recently announced pilot program meant to address the need for rapid CVE assignments on hold.

In response to criticism from the CVE Editorial Board, the MITRE Corporation has decided to put a recently announced pilot program meant to address the need for rapid CVE assignments on hold.

After many researchers complained that they could not obtain Common Vulnerabilities and Exposures (CVE) identifiers for their flaws in a timely manner, MITRE announced that it would launch a pilot program on Monday, March 21, in an attempt to address the issue.

As part of this program, MITRE said it would start assigning federated CVE identifiers using a new format in order to clearly differentiate rapid-assignment IDs from traditional CVEs.

However, members of the CVE Editorial Board, including Red Hat’s Kurt Seifried and Intel Security’s Kent Landfield, pointed out that the new system would have a negative impact on existing CVE tools.

Earlier this month, Seifried proposed a new system, dubbed “Distributed Weakness Filing” (DWF), that would rely on the community to quickly assign CVE identifiers.

Joe Sain, CVE communications and adoption lead at MITRE, said on Friday that the pilot program has been put on “indefinite hold” as a result of the concerns raised with the proposed syntax.

“The pilot was designed to run in parallel and to be completely separate from the production CVE stream, but we certainly understand the importance of not perturbing any operating aspect of CVE,” explained Sain. “Our goal is to be responsive to the critical need for the no-description use case, but we must also ensure that we have the correct operating model.”

“We truly appreciate your feedback, and we are looking forward to developing an operating model that enables CVE to move forward and that preserves the foundational work that the community has put into the effort,” he added.

Advertisement. Scroll to continue reading.

Sain said MITRE plans on holding an Editorial Board meeting this week to discuss this issue and other concerns members of the board may have.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Shane Barney has been appointed CISO of password management and PAM solutions provider Keeper Security.

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.