|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Candidate numbering scheme
Russ wrote: > This works well if CAN-01-1999051401 becomes CVE-01-1999051401 when and > if its accepted as a CVE. I do not think it should get some other > number, or else we'll have to include a reference to the CAN number in > the CVE. I like it. Assuming that MITRE is assigned the id of 00 and assuming that the release date of the CVE is 23 June (and issue that is not yet decided) we could easily convert our current numbering scheme to the new scheme as follows OLD NEW CVE-1 CVE-00-199906231 CVE-2 CVE-00-199906232 CVE-3 CVE-00-199906233 etc... One worry: Is 2 digits enough for the editor ID? I would suggest simply relying on the dash to seperate the field. Yet another worry: One somewhat non-technical but very important use of the CVE names *may* be to facilitate human to human discussions. To this end, talking about CVE-2317 is much more natural than discussing good'ol CVE-14-200309153. Ugg. Final thought. I personally think the number scheme issue is a sticky wicket. And I would suggest that we need to be particularly careful to keep our eye on the ball. To be clear, I think the ball is to get a reasonable CVE out in the public. Do we need to solve this problem before public release? Is this a "nice to have" and not a "must have"? If it is a "must have" then lets settle it. Dave
|
||||
