|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Candidate numbering scheme
On Thu, May 13, 1999 at 03:40:58PM -0400, Steven M. Christey wrote: | | All: | | We seemed pretty much agreed that there should be a separate numbering | scheme for "candidate" vulnerabilities that are proposed to the input | forum. We might be able to have a mailing list which utilizes some | sort of ticketing system, but that would make it difficult to identify | multiple vulnerabilities in the same email. I propose a numbering | scheme such as: | | CAN-<id>-YYYYMMDDn | where <id> is an "official" ID that identifies the proposer, YYYYMMDD | is the year/month/date, and "n" separates multiple vulnerabilities | that the proposer um, proposes on the same date. The benefit of the | date in the ID is that we can immediately see which candidates are | getting "old." In the short term, the proposer could take the | responsibility for ensuring that their number is unique, and the | encoded date helps that. If N will become the CVE-N, I think this will work fine. Otherwise, we need to add references to CAN-NETECT-19990514A to CVE-00666 to reference the discussion that lead to its acceptance. Adam | In the longer term, it may be better to have an external mechanism | that proposers can access to get more arbitrary numbers that are | guaranteed to be unique. I believe that Russ and Adam may have some | ideas on such a mechanism. | | - Steve
|
||||
