Colleagues,

CVE Services 
2.1<https://cveproject.github.io/automation-cve-services#services-overview>/CVE 
JSON 5.0<https://cveproject.github.io/automation-cve-services#json-overview> 
Soft Deploy will occur during the entire month of October with Phase 1 
beginning on October 3 and Phase 2 occurring during the last week of October. 
See Transition Bulletin 
#9<https://cveproject.github.io/automation-transition#bulletin-number-9> for a 
full description of all the Soft Deploy phases and how to prepare.
Overview
Phase 1 of soft deployment-to release CVE Services-IDR 2.1-began today on 
October 3, 2022, at 1:00 p.m. EDT. Entering Phase 1 will take approximately 48 
hours, completing on October 5. During this time, the CVE Program will convert 
the current CVE JSON 4.0 repository to CVE JSON 5.0, upgrade the software, and 
perform validation.
During this 48-hour period, the system will be taken "offline" and CVE ID 
assignment and posting CVE Records to the CVE List will be suspended.

CVE Records submitted during this time will be "queued" and advanced to the CVE 
List when the system is brought back "online."

We will make an announcement via this email list and on the CVE Services Slack 
Channel prior to taking the system down and again when we bring the system back 
up. Phase I marks the beginning of a significant transition for the CVE 
Program. You may see anomalies in processing data during the course of this 
transition. You can report anomalies/issues to CVE Services Slack Channel, 
which will be monitored from 9:00 a.m. to 5:00 p.m. EDT weekdays for technical 
support. In addition, you can report any anomalies for the CVE Program Web Form 
as well.
Phase 2 of soft deployment-to release CVE Services-RSUS 2.1-will take place 
during last week of October. An RSUS-specific deployment bulletin will be sent 
as we approach that date.
CVE Services 2.1 October Transition Description
The table below provides an overview for CNAs of what to expect in October. 
Post October "next steps" will be announced in future bulletins.
CVE ID Reservation/ CVE Record Uploading / User Registry Operations
Action
Now
Phase 1 Beginning October 5th
Phase 2 Beginning Last Week of October
Reserve CVE IDs
IDR 1.1
CVE Request Web Form
IDR 1.1 - DEPRECATED
IDR 2.1 - AVAILABLE
CVE Request Web Form
IDR 2.1 - AVAILABLE
CVE Request Web Form
Submit CVE Records
GitHub CVEList Pilot
CVE Request Web Form
GitHub CVEList Pilot
CVE Request Web Form
RSUS 2.1 with JSON 5.0 - AVAILABLE
GitHub CVEList Pilot
CVE Request Web
User Registry
(CNA manages its
CVE Services users)

IDR 1.1
IDR 1.1 - DEPRECATED
IDR 2.1 - REQUIRED

IDR 2.1 - REQUIRED

Save the date! - "CVE Services Workshop" Scheduled for November 2, 2022
CNAs should also make preparations to participate in the virtual "CVE Services 
Workshop<https://www.cve.org/Media/News/item/news/2022/08/30/CVE-Services-Workshop-for-CNAs>"
 for CNAs to learn how to use CVE Services 2.1/CVE JSON 5.0 scheduled for 
November 2, 2022, from 10am to 2pm ET. We are considering holding a second live 
workshop for CNAs in Asia at a better time for them. If you are a CNA in Asia, 
please let us know if there is interest.
A registration link will be sent soon via the CNA Discussion List, so please 
watch for that email. There is no limit on the number of attendees that can 
participate from a CNA's organization.

Questions? Please use the CVE Request Web Forms<https://cveform.mitre.org/> and 
select "Other" from the dropdown.
Respectfully,
CVE Program Secretariat
cve-prog-secretar...@mitre.org<mailto:cve-prog-secretar...@mitre.org>

[A picture containing text, clipart  Description automatically generated]


Reply via email to