RE: The nomenclature process in other fields
-----BEGIN PGP SIGNED MESSAGE-----
As we discovered in the last DataBase Vulnerability Working Group at
Spaf's place, a taxonomy is more than we want to do. On the other
hand the convention selected needs to be precise enough to
differentiate between similar but different vulnerabilities.
- -----Original Message-----
From: Gene Spafford [mailto:firstname.lastname@example.org]
Sent: Wednesday, May 19, 1999 11:24 AM
To: Craig Ozancin
Subject: RE: The nomenclature process in other fields
At 11:54 AM -0400 5/19/99, Craig Ozancin wrote:
> > enumeration != taxonomy
>True, But can we draw parallels between the two?
My former student, Ivan Krsul, had a long explanation about the
difference between the two in his Ph.D. thesis. Basically, we don't
have underlying morphological or ontological structures identified
that will allow us to come up with an unambiguous taxonomy at this
time. An enumeration is about the best we can hope for without
further research and insight into the nature of vulnerabilities (and
the policies on which they depend).
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2
-----END PGP SIGNATURE-----