Stream: Security and Privacy
Topic: CVE Database
James Agnew (Oct 02 2020 at 13:13):
Sorry for the not-directly-related-to-fhir question, but I figure this community might have insight.
Does anyone have any contacts or knowledge of what's going on with the Mitre CVE team? I requested a number for a vulerability that was reported and fixed in HAPI back in early August and they still haven't acted on it, nor have they answered any of my emails asking if anything is holding them up. I'm curious if they have put their work on hold for COVID or something...
Jens Villadsen (Oct 02 2020 at 13:28):
@Mark Kramer - you're a mighty mitre man - would you know who to contact?
Mark Kramer (Oct 02 2020 at 13:31):
I can follow up for you @James Agnew . Offhand I don’t know why they haven’t responded.
John Moehrke (Oct 02 2020 at 13:50):
possibly they are unaware of what 'hapi' is, they do tend to focus on broadly known software. we need to be humbled that although hapi is everything in our world, it is nothing to the broader world.
John Moehrke (Oct 02 2020 at 13:51):
thus, they just need to be educated that it is a big deal, and due to patient data is even bigger
John Moehrke (Oct 02 2020 at 13:52):
wait till they learn of sushi
Mark Kramer (Oct 06 2020 at 20:36):
@James Agnew can you provide the details of the request? They are trying to track it down and need any information you can provide.
James Agnew (Oct 07 2020 at 16:17):
@Mark Kramer really appreciate you digging into this!
The request has request ID 941680 - I'm assuming they should be able to find it with that, but let me know if other details are needed.
James Agnew (Oct 08 2020 at 14:04):
Looks like it worked @Mark Kramer , CVE number is being assigned. Gracias!
I'll make an announcement about the actual vuln on Zulip as soon as the number is live.
Mark Kramer (Oct 08 2020 at 14:59):
Happy to help.
Last updated: Apr 12 2022 at 19:14 UTC
