'become your own CNA' - we can help with that .... Jim
On Sat, 26 Aug 2023 at 19:50, Daniel Stenberg via curl-library <curl-library@lists.haxx.se> wrote: > > On Sat, 26 Aug 2023, Daniel Stenberg via curl-library wrote: > > > Step one. A blog post with some details: > > Other things I've done: > > - I've pushed my blog post on social media to distribute awareness. > > - I pull strings to get the CVE rejected. It is such a weird system so we > can't easily see which CNA that assigned the Id. Some language on the NVD > site made me think it was done by MITRE itself but I cannot find any > public > way to contact MITRE to get a CVE rejected. For any reason. > > - I wrote up an information page about this bogus CVE on the curl site: > https://curl.se/docs/CVE-2020-19909.html > > Several people have told me that the only effective means that exist against > abusive CVE filings like this, is to become your own CNA as then you can > apparently "lock" your product to only be possible to get CVEs assigned from > your own CNA. I will look into this option. > > -- > > / daniel.haxx.se > | Commercial curl support up to 24x7 is available! > | Private help, bug fixes, support, ports, new features > | https://curl.se/support.html > -- > Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library > Etiquette: https://curl.se/mail/etiquette.html -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
