Re: CVE for DSS spec

[Chet Ensign <chet.ensign@oasis-open.org>]

Hi Andreas,Â

We (the Board Process Committee to be precise) is working on a process document now. I'm happy to share the working draft if you'd like to review it.Â

When you say "file it officially," do you mean that the TC has already developed the fix and that you want to announceÂit in one of the vulnerability databases?Â

/chet

On Sun, May 17, 2020 at 12:46 PM Andreas Kuehne <kuehne@trustable.de> wrote:

Hi Chet,


we already discussed the topic soe time ago: The DSS core V1.0 has a
vulnerability and we like to file it officially. Is there an official
OASIS process for it? If not, I would suggest that we add a remark
including the link to the explaination & mitigation document and the CVE
at a prominent place on the TC home page and at the standards download
section.


Gretings,


Andreas

--
Andreas KÃhne

Chair of OASIS DSS-X

phone: +49 177 293 24 97
mailto: kuehne@trustable.de

Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612

Director Andreas KÃhne

Company UK Company No: 5218868 Registered in England and Wales

--

/chetÂ
----------------

Chet Ensign

Chief Technical Community Steward
OASIS: Advancing open source & open standards for the information society
http://www.oasis-open.org

Mobile: +1 201-341-1393Â