Security Working Group meeting 2021-12-22 - results

Joseph Reynolds jrey at
Thu Dec 23 05:52:57 AEDT 2021


The OpenBMC security working group held a meeting today.  (Sorry I 
missed sending a meeting announcement.)  We discussed the projects 
progress toward becoming CVE Numbering Authority (CNA) with Mitre.

Meeting held 2021-12-22:

Attendance: Joseph R, James M, Dhananjay P

This meeting had low attendance because of the holiday season.

1 CVE Numbering Authority (CNA)  onboarding


The CNA training session was held.  We are working on the homework now 
(creating dummy CVEs).  We found this tool easy to use:

TODO: Document new procedures and guidance for the OpenBMC Security 
Response Team to follow when working as a CNA.

TODO: Create a test issue under 

And see if it leaks out into public communication channels, then start 
writing up old vulnerabilities.

More information about the openbmc mailing list