Open EvansJonathan opened 7 years ago
+1. DWF includes the actual CVE Mentor that assigned it (e.g. an individual like "bobsmith@some.tld" or "security@example.org" where security@example.org is then expected to keep internal records).
Suggestion: Make [ASSIGNINGCNA] a required field. Add [ASSIGNINGCNA] to Appendix B including this description:
The [ASSIGNING CNA]: field should include the name of the assigning CNA. CNAs should use a consistent name to facilitate searches for CVE IDs that originate from them.
Would it be possible to backfill old CVE entries with the [Assigning CNA] field? I'm in the process of writing an academic paper on the topic (in the business field).
Thank you for your fantastic work, by the way.
GOAL: Track who reserved what CVE IDs.
CHANGE: Should the original reservation entity or reservation chain be added to required data?
OUTCOME: Regardless of the assigner, the entire Sub CNA/Root CNA chain of CVE ID reservations will be included in each CVE entry.