Colleagues, CVE Services 2.1<https://cveproject.github.io/automation-cve-services#services-overview>/CVE JSON 5.0<https://cveproject.github.io/automation-cve-services#json-overview> Soft Deploy will occur during the entire month of October with Phase 1 beginning on October 3 and Phase 2 occurring during the last week of October. See Transition Bulletin #9<https://cveproject.github.io/automation-transition#bulletin-number-9> for a full description of all the Soft Deploy phases and how to prepare. Overview Phase 1 of soft deployment-to release CVE Services-IDR 2.1-began today on October 3, 2022, at 1:00 p.m. EDT. Entering Phase 1 will take approximately 48 hours, completing on October 5. During this time, the CVE Program will convert the current CVE JSON 4.0 repository to CVE JSON 5.0, upgrade the software, and perform validation. During this 48-hour period, the system will be taken "offline" and CVE ID assignment and posting CVE Records to the CVE List will be suspended.
CVE Records submitted during this time will be "queued" and advanced to the CVE List when the system is brought back "online." We will make an announcement via this email list and on the CVE Services Slack Channel prior to taking the system down and again when we bring the system back up. Phase I marks the beginning of a significant transition for the CVE Program. You may see anomalies in processing data during the course of this transition. You can report anomalies/issues to CVE Services Slack Channel, which will be monitored from 9:00 a.m. to 5:00 p.m. EDT weekdays for technical support. In addition, you can report any anomalies for the CVE Program Web Form as well. Phase 2 of soft deployment-to release CVE Services-RSUS 2.1-will take place during last week of October. An RSUS-specific deployment bulletin will be sent as we approach that date. CVE Services 2.1 October Transition Description The table below provides an overview for CNAs of what to expect in October. Post October "next steps" will be announced in future bulletins. CVE ID Reservation/ CVE Record Uploading / User Registry Operations Action Now Phase 1 Beginning October 5th Phase 2 Beginning Last Week of October Reserve CVE IDs IDR 1.1 CVE Request Web Form IDR 1.1 - DEPRECATED IDR 2.1 - AVAILABLE CVE Request Web Form IDR 2.1 - AVAILABLE CVE Request Web Form Submit CVE Records GitHub CVEList Pilot CVE Request Web Form GitHub CVEList Pilot CVE Request Web Form RSUS 2.1 with JSON 5.0 - AVAILABLE GitHub CVEList Pilot CVE Request Web User Registry (CNA manages its CVE Services users) IDR 1.1 IDR 1.1 - DEPRECATED IDR 2.1 - REQUIRED IDR 2.1 - REQUIRED Save the date! - "CVE Services Workshop" Scheduled for November 2, 2022 CNAs should also make preparations to participate in the virtual "CVE Services Workshop<https://www.cve.org/Media/News/item/news/2022/08/30/CVE-Services-Workshop-for-CNAs>" for CNAs to learn how to use CVE Services 2.1/CVE JSON 5.0 scheduled for November 2, 2022, from 10am to 2pm ET. We are considering holding a second live workshop for CNAs in Asia at a better time for them. If you are a CNA in Asia, please let us know if there is interest. A registration link will be sent soon via the CNA Discussion List, so please watch for that email. There is no limit on the number of attendees that can participate from a CNA's organization. Questions? Please use the CVE Request Web Forms<https://cveform.mitre.org/> and select "Other" from the dropdown. Respectfully, CVE Program Secretariat cve-prog-secretar...@mitre.org<mailto:cve-prog-secretar...@mitre.org> [A picture containing text, clipart Description automatically generated]
