Become a Mitre CNA

In order to publish CVE’s for OpenSearch (and OpenDistro) I propose that Amazon/AWS (or any governance organization which is supposed to govern OpenSearch later) become a CNA (CVE Numbering Authority) with MITRE. I think its very important to create CVE’s for security issues within OpenSearch to maintain trust and transparency.

BTW: Just wondering that Amazon/AWS is not already listed as CNA for their products (for example: OpenDistro or Corretto) see List of CNA’s

2 Likes