{"id":329432,"date":"2023-08-29T19:26:00","date_gmt":"2023-08-29T19:26:00","guid":{"rendered":"http:\/\/itteacheritfreelance.hk\/wordpress\/?guid=a0e9acac7cd335caef2628bf54d00290"},"modified":"2023-08-29T19:26:00","modified_gmt":"2023-08-29T19:26:00","slug":"the-python-software-foundation-has-been-authorized-by-the-cve-program-as-a-cve-numbering-authority-cna","status":"publish","type":"post","link":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/2023\/08\/29\/the-python-software-foundation-has-been-authorized-by-the-cve-program-as-a-cve-numbering-authority-cna\/","title":{"rendered":"The Python Software Foundation has been authorized by the CVE Program as a CVE Numbering Authority (CNA)"},"content":{"rendered":"<p class=\"syndicated-attribution\"><meta name= \\\"keywords \\\" content= \\\"\u96fb\u5b50\u8a08\u7b97\u6a5f, \u6559\u80b2, IT \u96fb\u8166\u73ed,\u96fb\u8166\u88dc\u7fd2\uff0c \u96fb\u8166\u73ed\uff0c \u5bb6\u6559\uff0c \u79c1\u4eba\u8001\u5e2b\uff0c \u8cc7\u8a0a\u6280\u8853\uff0c \u7a0b\u5e8f\u8a2d\u8a08\uff0c \u96fb\u5b50\u8a08\u7b97\u6a5f\uff0c \u904a\u6232\uff0c \u860b\u679c\uff0c \u96fb\u5f71\uff0c \u8a08\u7b97\u6a5f\uff0c\u7de8\u78bc\uff0c Java\uff0c C\/C++\uff0c JavaScript\uff0c PHP\uff0c HTML\uff0c CSS\uff0c MySQL\uff0c mobile\uff0c Android\uff0c \u52d5\u6f2b\uff0c Python\uff0c teacher\uff0c \u88dc\u7fd2\uff0c \u96fb\u8166\u88dc\u7fd2 \u8cc7\u8a0a, \u7535\u5b50\u8ba1\u7b97\u673a, IT ,Game, apple, movie, Computer,student,Java,\u6559\u80b2, ,\u5b66\u751f, \u5b66\u4e60, learn, \u6559\u5b66,  Android, apple,anime, animation, \u4fe1\u606f\u6280\u672f, \u7a0b\u5e8f\u8bbe\u8ba1, \u79fb\u52a8\u7535\u8bdd, \u8cc7\u8a0a\u79d1\u6280,Game, Jeu, Juego,Call Of Duty ,\u4f7f\u547d\u53ec\u559a , \u6e38\u620f, \u7535\u5b50\u6e38\u620f,, \u591a\u4eba\u7535\u5b50\u6e38\u620f, \u7f51\u7edc\u6e38\u620f\uff0conline\uff0conline game, \u624b\u673a\u6e38\u620f, mobile \\\"><\/p>\n<p style=\"text-align: left;\">When a vulnerability is disclosed in software you&#8217;re depending on, the last thing you want is for the remediation process to be confusing or ad-hoc. Towards the goal of a more secure and safe Python ecosystem, the Python Software Foundation has been <a href=\"https:\/\/www.cve.org\/Media\/News\/item\/news\/2023\/08\/29\/Python-Software-Foundation-Added-as-CNA\">authorized by the CVE Program<\/a> as a CVE Numbering Authority (CNA).<\/p>\n<p style=\"text-align: left;\">Being authorized as a CNA is one milestone in the Python Software Foundation&#8217;s strategy to improve the vulnerability response processes of critical projects in the Python ecosystem. The <a href=\"https:\/\/www.cve.org\/PartnerInformation\/ListofPartners\/partner\/PSF\">Python Software Foundation CNA scope<\/a> covers <a href=\"https:\/\/github.com\/python\/cpython\">Python<\/a> and <a href=\"https:\/\/github.com\/pypa\/pip\">pip<\/a>, two<br \/>\nprojects which are fundamental to the rest of Python ecosystem.<\/p>\n<p style=\"text-align: left;\">By becoming a CNA, the PSF will be providing the following benefits to in-scope projects:<\/p>\n<ul style=\"text-align: left;\">\n<li style=\"text-align: left;\">Paid staffing for CNA operations rather than requiring volunteer time. <\/li>\n<li style=\"text-align: left;\">Quicker allocations of CVE IDs after a vulnerability is reported.<\/li>\n<li style=\"text-align: left;\">Involvement of each projects&#8217; security response teams during the reporting of vulnerabilities.<\/li>\n<li style=\"text-align: left;\">Richer published advisories and CVE Records including descriptions, metadata, and remediation information.<\/li>\n<li style=\"text-align: left;\">Consistent disclosures and publishing locations. <\/li>\n<\/ul>\n<p style=\"text-align: left;\">CNA operations will be staffed primarily by the <a href=\"https:\/\/pyfound.blogspot.com\/2023\/06\/announcing-our-new-security-developer.html\">recently hired Security Developer-in-Residence<\/a> Seth Michael Larson, Ee Durbin, and Chloe Gerhardson.<\/p>\n<p style=\"text-align: left;\">The PSF wants to help other Open Source organizations and will be sharing lessons learned and developing guidance on becoming a CNA and day-to-day operations.<\/p>\n<p style=\"text-align: left;\">To be alerted of newly published vulnerabilities in Python or pip, subscribe to the <a href=\"https:\/\/mail.python.org\/mailman3\/lists\/security-announce.python.org\/\" >security-announce@python.org mailing list<\/a> for security advisories. There is also a <a href=\"https:\/\/github.com\/psf\/advisory-database\">new advisory database<\/a> published to GitHub using the machine-readable <a href=\"https:\/\/ossf.github.io\/osv-schema\/\">Open Source Vulnerability<\/a> (OSV) format.<\/p>\n<p style=\"text-align: left;\">If you&#8217;d like to report a security vulnerability to Python or pip, the vulnerability disclosure policy is <a href=\"https:\/\/www.python.org\/dev\/security\">available on python.org<\/a>.<\/p>\n<p><span><a name='more'><\/a><\/span><\/p>\n<p style=\"text-align: left;\">The mission of the Common Vulnerabilities and Exposures (CVE\u00ae) Program is to<br \/>identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There<br \/>is one CVE Record for each vulnerability in the catalog. The vulnerabilities are<br \/>discovered then assigned and published by organizations from around the world<br \/>that have partnered with the CVE Program. Partners publish CVE Records to<br \/>communicate consistent descriptions of vulnerabilities. Information technology<br \/>and cybersecurity professionals use CVE Records to ensure they are discussing<br \/>the same issue, and to coordinate their efforts to prioritize and address the<br \/>vulnerabilities.<\/p>\n<p style=\"text-align: left;\">The Python Software Foundation (PSF) is the non-profit organization<br \/>\nbehind Python and PyPI. Our mission is to promote, protect, and advance<br \/>\nthe Python programming language, and to support and facilitate the<br \/>\ngrowth of a diverse and international community of Python programmers.<br \/>\nThe PSF supports the Python community using corporate sponsorships,<br \/>\ngrants, and donations. Are you interested in sponsoring or donating to<br \/>\nthe PSF so it can continue supporting Python and its community? Check<br \/>\nout our <a href=\"https:\/\/www.python.org\/psf\/sponsorship\/\">sponsorship program<\/a>, <a href=\"https:\/\/psfmember.org\/civicrm\/contribute\/transact\/?reset=1&amp;id=2\">donate directly here<\/a>, or contact our team!<\/p>\n\n<p class=\"syndicated-attribution\"><figure class= \\\"wp-block-image alignnone \\\"><img src= \\\"http:\/\/itteacheritfreelance.hk\/test\/wordpress\/wp-content\/uploads\/2016\/05\/logo2-2.png\\\" alt=\\\"IT\u96fb\u8166\u88dc\u7fd2 java\u88dc\u7fd2 \u70ba\u5927\u5bb6\u914d\u5c0d\u96fb\u8166\u88dc\u7fd2,IT freelance, \u79c1\u4eba\u8001\u5e2b, PHP\u88dc\u7fd2,CSS\u88dc\u7fd2,XML,Java\u88dc\u7fd2,MySQL\u88dc\u7fd2,graphic design\u88dc\u7fd2,\u4e2d\u5c0f\u5b78ICT\u88dc\u7fd2,\u4e00\u5c0d\u4e00\u79c1\u4eba\u88dc\u7fd2\u548cFreelance\u81ea\u7531\u5de5\u4f5c\u914d\u5c0d\u3002\\\"\/><figcaption>\u7acb\u523b\u8a3b\u518a\u53ca\u5831\u540d\u96fb\u8166\u88dc\u7fd2\u8ab2\u7a0b\u5427!<\/figcaption><\/figure>\r\n<\/br>Find A Teacher Form:\r\n<\/br>https:\/\/docs.google.com\/forms\/d\/1vREBnX5n262umf4wU5U2pyTwvk9O-JrAgblA-wH9GFQ\/viewform?edit_requested=true#responses\r\n<\/br><\/br>Email:\r\n<\/br>public1989two@gmail.com<br><br><br><br><br><br><br>\r\n<a href=www.itsec.hk style=color:#FFFFFF;>www.itsec.hk<\/a><br>\r\n<a href=\\\"www.itsec.vip\\\" style=color:#FFFFFF;>www.itsec.vip<\/a><br>\r\n<a href=\\\"www.itseceu.uk\\\" style=color:#FFFFFF;>www.itseceu.uk<\/a><br><\/p>","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>When a vulnerability is disclosed in software you&#8217;re depending on, the last thing you want is for the remediation process to be confusing or ad-hoc. Towards the goal of a more secure and safe Python ecosystem, the Python Software Foundation has been au&#8230;<\/p>\n<\/div>","protected":false},"author":2051,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"slim_seo":{"title":"The Python Software Foundation has been authorized by the CVE Program as a CVE Numbering Authority (CNA) - ITTeacherITFreelance.hk","description":"When a vulnerability is disclosed in software you're depending on, the last thing you want is for the remediation process to be confusing or ad-hoc. Towards the"},"footnotes":""},"categories":[10700],"tags":[],"_links":{"self":[{"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/329432"}],"collection":[{"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/users\/2051"}],"replies":[{"embeddable":true,"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/comments?post=329432"}],"version-history":[{"count":1,"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/329432\/revisions"}],"predecessor-version":[{"id":329433,"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/329432\/revisions\/329433"}],"wp:attachment":[{"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/media?parent=329432"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/categories?post=329432"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itteacheritfreelance.hk\/wordpress\/index.php\/wp-json\/wp\/v2\/tags?post=329432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}