Thought on requirements

30 views
Skip to first unread message

Olle E Johansson

unread,
May 9, 2025, 2:52:42 AM5/9/25
to c...@owasp.org
Friends,

As you know I’ve been working on a document to describe the path forward. One important part is the requirements on a new global platform. What are your thoughts? Are the ones I have (together with man others) written enough or is an important principle missing?

Please read through the requirements and give me feedback. Note that these are high level requirements, not discussing selection of protocols or discussing if we’re going to code in EBCDIC or XML. :-)

https://docs.google.com/document/d/1u6yPlCla7SO6YuHakjvmcGtcEmHdp-NANaqpTDTA7Q0/edit?usp=share_link

Let’s discuss!

/O

Josh Bressers

unread,
May 9, 2025, 8:52:23 AM5/9/25
to Olle E Johansson, c...@owasp.org
I love the idea, thanks Olle.

There are a lot of people chomping at the bit, and the clock is ticking (I'm operating under the assumption CVE as we know it will go away on March 16 2026, which is when the current contract option expires).

What's next?

--
     Josh

--
--
Please also join the conversation on OWASP's Slack. https://owasp.org/slack/invite  Join channel #cve-wg.
---
You received this message because you are subscribed to the Google Groups "CVE" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cve+uns...@owasp.org.
To view this discussion visit https://groups.google.com/a/owasp.org/d/msgid/cve/BEAC8A9D-ABC7-477F-97FE-9CE353CBA1FB%40owasp.org.

Olle E. Johansson

unread,
May 9, 2025, 9:48:18 AM5/9/25
to c...@owasp.org

Francesco Cipollone

unread,
May 9, 2025, 10:36:26 AM5/9/25
to Olle E Johansson, c...@owasp.org
Easier to comment and schedule a call? 

my comment, i would define an architecture, but even tackling small things like can replication or model can be overwhelming

CPE , PURL and other i agree is an old model but consider a lot of CNA do not report

there are legal implications that MITRE had no problem being gov backed 

Regards
Francesco Cipollone
CEO & Founder @ Phoenix Security
Download the latest whitepaper on NIS2 , DORA 
ACT Now on risk - Fix Vulnerabilities that matter most



--
--
Please also join the conversation on OWASP's Slack. https://owasp.org/slack/invite  Join channel #cve-wg.
---
You received this message because you are subscribed to the Google Groups "CVE" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cve+uns...@owasp.org.
To view this discussion visit https://groups.google.com/a/owasp.org/d/msgid/cve/BEAC8A9D-ABC7-477F-97FE-9CE353CBA1FB%40owasp.org.
Reply all
Reply to author
Forward
0 new messages