Add a CVE Triage Checklist to the rules#40
Conversation
First draft of a triage guide in the rules
|
SPWG briefly discussed this today, in general terms of "companion documentation." Rough consensus in SPWG is that this is useful but should live separately from the official Rules document. |
|
Bump. Would love to get this in on the 4.2.0 release. |
This will ensure that precisely the people who need it will never find it. :/ |
|
Is a pointer good enough?
|
|
mwahhh okay. Yes. Sure. Let's do it. I can publish this triage in a gist or something. Or we can drop it in a triage.md in this repo so it'll get version tracked properly. |
|
Fixed @zmanion ? |
Hello, CVE! Please see this proposed update to the rules! It actually doesn't change or add or remove any rules, but instead, offers a cheat sheet for CNAs to answer basic questions of "should I write a CVE for this bug?"
We think it would be useful to incorporate this into the rules directly. I'll follow this up with a note to the CVE Board for discussion.