|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2021-04-07 23:03:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] Resurrecting DWF
Five years ago, we looked at an effort to
assist in the assignment of Common
Vulnerabilities and Exposures (CVE) IDs, especially for open-source
projects.
Developers in the free-software world have often found it difficult to
obtain CVE IDs for the vulnerabilities that they find.
The Distributed Weakness
Filing (DWF) project was meant to reduce the friction in the
CVE-assignment process, but it never really got off the ground. In a blog
post, Josh Bressers said that DWF was hampered by trying to follow the
rules for CVEs. That has led to a plan to restart DWF, but this time without the
"yoke of legacy CVE".
Five years ago, we looked at an effort to
assist in the assignment of Common
Vulnerabilities and Exposures (CVE) IDs, especially for open-source
projects.
Developers in the free-software world have often found it difficult to
obtain CVE IDs for the vulnerabilities that they find.
The Distributed Weakness
Filing (DWF) project was meant to reduce the friction in the
CVE-assignment process, but it never really got off the ground. In a blog
post, Josh Bressers said that DWF was hampered by trying to follow the
rules for CVEs. That has led to a plan to restart DWF, but this time without the
"yoke of legacy CVE".
