Closed j--- closed 2 months ago
Nice catch @j--- , We had already discussed this internally and did not create an issue as yet. The plan is entirely point to the CVE Program Guidelines and easy chart workflows shown by Mitre here for Non-CNA's. Should hopefully resolve that.
We're most likely going to just drop the page entirely and just point to the CVE docs directly where appropriate
Is your feature request related to a problem? Please describe.
The text on https://vuls.cert.org/confluence/display/Wiki/CVE+IDs+and+How+to+Obtain+Them is outdated
Describe the solution you'd like While MITRE is a Root CNA and a CNA of last resort, it no longer runs the CVE program. It acts as the Secretariat for the Board, but the board is independent and MITRE has transitioned formal operations of the CVE program to the board.
There are also now hundreds of CNAs and that number is growing rather quickly, I expect that is a material change since this text was written. So the tone should probably shift from "there are a small number of CNAs" to something more like there are a number of CNA's and the CVE program encourages organizations that regularly interact with CVE assignment to contact their Root CNA to become a CNA themselves.
Describe alternatives you've considered I think leaving it alone is probably not factually correct any longer; it was correct when written but the world has changed since then.