|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Candidate numbering scheme
>| CAN-<id>-YYYYMMDDn >| where <id> is an "official" ID that identifies the proposer, YYYYMMDD >| is the year/month/date, and "n" separates multiple vulnerabilities >| that the proposer um, proposes on the same date. The benefit of the >| date in the ID is that we can immediately see which candidates are >| getting "old." In the short term, the proposer could take the >| responsibility for ensuring that their number is unique, and the >| encoded date helps that. > >If N will become the CVE-N, I think this will work fine. Otherwise, >we need to add references to CAN-NETECT-19990514A to CVE-00666 to >reference the discussion that lead to its acceptance. I don't think we would be able to guarantee that any "n" would become CVE-N. When the "official" decision is announced for including a candidate into the CVE, it can link the candidate number(s) and the associated CVE numbers. A "summary" of outstanding candidates could be posted on a semi-regular basis. To ease sorting, perhaps it would be better to have the date appear earlier in the format, e.g. CAN-19990514-NETECT-A - Steve
|
||||
