"routinely report MITRE is responsive"
So what's the problem?
Security man David Jorm has started giving important bugs names, logos and even websites, because MITRE won't assign them Common Vulnerabilities and Exposures (CVE) numbers. CVE numbers are the tags assigned to bugs and are designed to help the security industry ensure that they're all fixing the same problem. Jorm, of Console …
Part of that may be due to how less recognized outfits often hype meaningless bugs trying to get attention for themselves. If you have a bug that requires multiple steps of stupidity and simply leaks information that others have on you anyway, it isn't deserving of a CVE.
Sad that researchers coming up with real bugs are having problems because of this, but if MITRE is trying to be responsible about only assigning them for real vulnerabilities the issue is more that the people doing that aren't recognizing stuff too well. If they're unsure, they should write an article at the Register about the bug. If it turns out to be nothing, generally the commentards have picked it apart pretty conclusively in a matter of hours!
Biting the hand that feeds IT © 1998–2019