RE: Candidate numbering scheme discussion - summary so far
-----BEGIN PGP SIGNED MESSAGE-----
Sorry to be a latecomer to this group, missed SANS, releases will play
hell with a schedule. I have been doing a very quick review of all
the info from MITRE that Steve has so graciously forwarded as well as
I lean toward Russ's view on the scheme. I would like to be able to
reference the CVE number in our vulnerability description but it needs
to be fairly stable. Frequent changes require maintenance and
maintenance requires time and time....you know...
A candidate number would be important for initial reference and
tracking purposes and changing it to an actual CVE number wouldn't
require much to update.
I feel the issue of the candidate number becoming the defacto "common"
name can be overcome when the "official" CVE number is assigned. At
least there will be a tracking mechanism in place to relate the final
CVE to the initial Candidate number.
Also, the shorter the number the better for common usage and
reference. A long convoluted numbering scheme becomes unwieldy and
may die off on its own. As long as it is a unique, easily referenced
number it doesn't have to be fancy, just workable.
Still catching up so look forward to more discussions
L-3 Network Security
Some day, on the corporate balance sheet, there will be
an entry which reads, "Information"; for in most cases
the information is more valuable than the hardware which
processes it. -- Adm. Grace Murray Hopper, USN Ret.
- -----Original Message-----
From: Steven M. Christey [mailto:email@example.com]
Sent: Tuesday, May 18, 1999 8:17 PM
Subject: Candidate numbering scheme discussion - summary so far
I made up a summary of the candidate numbering scheme discussion and
included it below. Any errors are mine. It seems to me that the
"right answer" isn't too far away. In the next day or two, Dave and I
will probably propose something based on the discussions so far. As
an indicator of what our proposal might look like - if you had any big
disagreements with Russ' last email, better speak up now ;-)
- - Steve
Candidate Numbering Schemes/Etc.
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2
-----END PGP SIGNATURE-----