You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CONTRIBUTING.md
+13-13
Original file line number
Diff line number
Diff line change
@@ -9,14 +9,14 @@ security researchers and other cybersecurity
9
9
community members. Until then, others who wish to contribute should
10
10
use the [CVE Request web form](https://cveform.mitre.org). If you are a sub-CNA you MUST push within your hierarchy first according to the rules within that hierarchy.
11
11
12
-
2. Only submit information to the MITRE cvelist repo that is intended to become public
12
+
2. Only submit information to the CVE Program cvelist repo that is intended to become public
13
13
immediately. There is **no support** for embargoed submissions!!
14
14
15
15
3. Understand that this is only a pilot - it could be changed
16
16
significantly or even halted.
17
17
18
18
4. Submissions should be made subject to the [CVE Submissions
19
-
License Terms of Use](https://cve.mitre.org/about/termsofuse.html).
19
+
License Terms of Use](https://www.cve.org/Legal/TermsOfUse).
20
20
21
21
5. It is **strongly recommended** that submissions use [signed
22
22
commits](https://help.github.com/articles/signing-commits-with-gpg/). Please note that some hierarchies require all submissions to be signed.
@@ -29,10 +29,10 @@ offers a web-based interface for creating and editing information
29
29
about one CVE at a time.
30
30
31
31
32
-
## Sending Data about CVE Records to MITRE
32
+
## Sending Data about CVE Records to the CVE Program
33
33
34
-
0. If you haven't done so already, create an account on Github.com
35
-
and fork the _cvelist_ repository from your parent CNA (e.g., if you are a Root you would fork [CVEProject/cvelist](https://github.com/CVEProject/cvelist/). You can either fork into your own account (e.g. from the command line this is the default), for example, if your account name
34
+
0. If you haven't done so already, create an account on GitHub.com
35
+
and fork the _cvelist_ repository (i.e., you would fork [CVEProject/cvelist](https://github.com/CVEProject/cvelist/)). You can either fork into your own account (e.g., from the command line this is the default), for example, if your account name
36
36
is `$YOU`, this will result in a new repo named $YOU/cvelist.
37
37
[**NB**: `$YOU` is used throughout the rest of this file; substitute
38
38
your own account name in any names, commands, URLs, etc.] You can also clone in to an organization
@@ -63,9 +63,9 @@ git push
63
63
We encourage you to include in that multiple, related updates whenever
64
64
possible. For example, if you publish monthly advisories, you might
65
65
name your branch `Nov-2017` and use that to send us assignment
66
-
information for all the CVE ids you assigned in that month. If
66
+
information for all the CVE IDs you assigned in that month. If
67
67
instead you publish advisories only as needed, you might name your
68
-
branch using the advisory id (eg, `SA-2017-11-03`) and include in
68
+
branch using the advisory id (e.g., `SA-2017-11-03`) and include in
69
69
that assignment information for the CVE ids you assigned for only
70
70
this one advisory. If you are working on multiple branches make sure you explicitly branch against master otherwise future branches may include work from other local branches:
71
71
@@ -103,15 +103,15 @@ The schema file is available in the [CVE Automation Working Group](https://githu
103
103
104
104
5.**Review your updates carefully** and make sure they contain
105
105
**only information you intend to make public**. Once those reach
106
-
Github.com, it's extremely difficult if not impossible to put it back
107
-
under wraps. For example, you may be able to check that every CVE id
106
+
GitHub.com, it's extremely difficult if not impossible to put it back
107
+
under wraps. For example, you may be able to check that every CVE ID
108
108
is mentioned in one of the references associated with it to avoid
109
109
making public information about a vulnerability ahead of schedule.
110
110
Also, review the details in the description. Do they agree with
111
111
information in the associated references?
112
112
113
-
6. Commit your changes (eg, `git commit -av`) and, if necessary, push
114
-
your branch from your local copy of your repo to Github.com (eg, `git
113
+
6. Commit your changes (e.g., `git commit -av`) and, if necessary, push
114
+
your branch from your local copy of your repo to GitHub.com (e.g., `git
115
115
push origin $YOUR_BRANCH`).
116
116
117
117
7. Create a pull request to merge the changes in your new branch into
@@ -125,14 +125,14 @@ the form. There are several fields that you need to worry about :
125
125
*`compare` is the branch in your repo where the changes are; eg, `$YOUR_BRANCH`
126
126
127
127
If you created your pull request using the URL above, make sure that
128
-
Github reports that the branches can be merged. If not, say because
128
+
GitHub reports that the branches can be merged. If not, say because
129
129
you forgot to ensure your fork was synched with the upstream master,
130
130
make additional commits in your branch to resolve the merge conflicts.
131
131
132
132
After a pull request has been submitted, several checks will be
133
133
launched automatically, such as to perform schema validation and check
134
134
ownership. The checks may add comments and labels to the pull request
135
-
and, by default, Github should notify you via email of those
135
+
and, by default, GitHub should notify you via email of those
136
136
automatically. If the checks identify issues, you will need to
0 commit comments