Security Working Group meeting 2021-12-22 - results
Joseph Reynolds
jrey at linux.ibm.com
Thu Dec 23 05:52:57 AEDT 2021
Community,
The OpenBMC security working group held a meeting today. (Sorry I
missed sending a meeting announcement.) We discussed the projects
progress toward becoming CVE Numbering Authority (CNA) with Mitre.
Meeting held 2021-12-22:
Attendance: Joseph R, James M, Dhananjay P
This meeting had low attendance because of the holiday season.
1 CVE Numbering Authority (CNA) onboarding
Discussion
The CNA training session was held. We are working on the homework now
(creating dummy CVEs). We found this tool easy to use: vulnogram.github.io
TODO: Document new procedures and guidance for the OpenBMC Security
Response Team to follow when working as a CNA.
TODO: Create a test issue under
https://github.com/openbmc/security-response/issues
<https://github.com/openbmc/security-response/issues>
And see if it leaks out into public communication channels, then start
writing up old vulnerabilities.
More information about the openbmc
mailing list