Colleagues, The CVE Program is preparing for the deployment of the CVE Record Submission and Upload Service (RSUS)<https://cveproject.github.io/automation-cve-services#services-overview>, and an updated data format (i.e., CVE JSON 5.0<https://cveproject.github.io/automation-cve-services#json-overview>).
The program thanks those of you who participated in previous milestones (e.g., early adoption of the CVE ID Reservation, CVE Services Requirements collection, CVE Services code development and review, Penetration Testing and Security analysis) as we move forward with development, testing, and deployment. A request for continued support: CVE Services 2.1 Penetration Testing II, July 18-July 29 We performed Penetration Testing on CVE Services 2.1<https://cveproject.github.io/automation-cve-services#services-overview> in March 2022, during which we identified issues that must be addressed prior to RSUS and JSON 5.0 deployment. Beginning July 18 (and running through July 29) we will be engaging in another round of community penetration testing to achieve a level of assurance necessary to deploy. The program needs your help! The community is an integral part of building assurance and previously made substantial contributions from a testing perspective. If you have interest, contact the AWG Chair Kris Britton<mailto:rbrit...@mitre.org> and he will get you the information you need to get started. If you cannot participate in the Penetration Testing II event, you can still get familiar with CVE Services 2.1 CVE Services 2.1 will be a major upgrade to CVE Services 1.1.1 as it will provide the API for "client applications" to not only reserve CVE IDs in "near real time" and manage your own "user base" but it will also support the automated submission and update of CVE Records. When it is deployed, CNAs will be able "Post" records immediately to the CVE List with the records being available to the public in near real-time. Contact AWG Chair Kris Britton<mailto:rbrit...@mitre.org> if you have interest in either of the following: * Using the "CVE Services Testing Instance" to test your client for CVE Services 2.1. * Joining the CVE Automation Working Group (AWG)<https://www.cve.org/ProgramOrganization/WorkingGroups>, which meets every Tuesday to discuss requirements, status, and all things related to CVE Services. Comments or Concerns Please respond to this email message or use the CVE Program Web Forms<https://cveform.mitre.org/> (select the "Other" form) to contact us with any comments or concerns.