Hi,
How to get a CVE number as a community driven open source project
(OpenWrt)? We do not have a security department or a big company backing us.
Multiple security problems were reported to OpenWrt in the last few
months. We want to assign CVE numbers to these problems, but have
problems requesting numbers.
We contacted mitre in the past, but did not got a response within 2
weeks. Using github security advisories worked fine 2 months ago, we got
a CVE number in some days. Currently this does not work any more, we are
already waiting for 1 week.
How to get a CVE number?
We (OpenWrt) are a community driven open source project and got multiple
reports from individuals and organizations like OpenAI.
We requested multiple CVE Numbers on github for this project:
https://github.com/openwrt/odhcpd
Hauke
- [oss-security] How to request CVE numbers? Hauke Mehrtens
-
