|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Candidate numbering scheme discussion - summary so far
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Sorry to be a latecomer to this group, missed SANS, releases will play hell with a schedule. I have been doing a very quick review of all the info from MITRE that Steve has so graciously forwarded as well as this summary. I lean toward Russ's view on the scheme. I would like to be able to reference the CVE number in our vulnerability description but it needs to be fairly stable. Frequent changes require maintenance and maintenance requires time and time....you know... A candidate number would be important for initial reference and tracking purposes and changing it to an actual CVE number wouldn't require much to update. I feel the issue of the candidate number becoming the defacto "common" name can be overcome when the "official" CVE number is assigned. At least there will be a tracking mechanism in place to relate the final CVE to the initial Candidate number. Also, the shorter the number the better for common usage and reference. A long convoluted numbering scheme becomes unwieldy and may die off on its own. As long as it is a unique, easily referenced number it doesn't have to be fancy, just workable. Still catching up so look forward to more discussions Mike Prosser *************************** L-3 Network Security - ---------------------- Some day, on the corporate balance sheet, there will be an entry which reads, "Information"; for in most cases the information is more valuable than the hardware which processes it. -- Adm. Grace Murray Hopper, USN Ret. - ---------------------- - -----Original Message----- From: Steven M. Christey [mailto:coley@linus.mitre.org] Sent: Tuesday, May 18, 1999 8:17 PM To: cve-review@linus.mitre.org Subject: Candidate numbering scheme discussion - summary so far All: I made up a summary of the candidate numbering scheme discussion and included it below. Any errors are mine. It seems to me that the "right answer" isn't too far away. In the next day or two, Dave and I will probably propose something based on the discussions so far. As an indicator of what our proposal might look like - if you had any big disagreements with Russ' last email, better speak up now ;-) - - Steve Candidate Numbering Schemes/Etc. - -------------------------------- - -----------snip----8<--------8<----- -----BEGIN PGP SIGNATURE----- Version: PGP 6.0.2 iQA/AwUBN0LW2BIUaHPadf5hEQJibgCZAZ+FtJUmZtHMf5+csbaSX438cl4An1dq OIoD/fNu7GYk4OsM5XTzyafl =rZ63 -----END PGP SIGNATURE-----
|
||||
