Art,

I concur with your point and path forward.

Cheers,
Jay

-----Original Message-----
From: Art Manion <aman...@cert.org> 
Sent: Thursday, August 19, 2021 9:47 PM
To: Chandan B.N. <cnandakum...@paloaltonetworks.com>; CVE Editorial Board 
Discussion <cve-editorial-board-list@mitre.org>
Subject: Re: public reference requirement

CAUTION: This email originated from outside of DHS. DO NOT click links or open 
attachments unless you recognize and/or trust the sender. Contact your 
component SOC with questions or concerns.


On 2021-08-18 16:58, Chandan B.N. wrote:
> This is no different than how Twitter users are seen as being responsible for 
> their tweets and not Twitter Inc.,

I was trying to not bring this up :)

I'd say Twitter is much more of a platform with highly independent contributors 
than the CVE Program currently is.  Twitter might not be a common carrier ISP, 
but CVE is not a social media platform.

The author needs to bear responsibility for errors or bad behavior and having 
only a CVE entry (today) is too much of a proxy.  Responsibility is arguably 
more important than the content.

I think the program has moved and is moving towards being more "content 
neutral" -- the upcoming Services and potential ADP pilot are moves in that 
direction.  I'm confident we can sort out some of the content quality 
requirements, we need more CNA identity in place.

I'll propose to table this for a year?

Regards,

  - Art

Reply via email to