|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: The nomenclature process in other fields
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As we discovered in the last DataBase Vulnerability Working Group at Spaf's place, a taxonomy is more than we want to do. On the other hand the convention selected needs to be precise enough to differentiate between similar but different vulnerabilities. - -mike - -----Original Message----- From: Gene Spafford [mailto:spaf@cs.purdue.edu] Sent: Wednesday, May 19, 1999 11:24 AM To: Craig Ozancin Cc: cve-review@linus.mitre.org Subject: RE: The nomenclature process in other fields At 11:54 AM -0400 5/19/99, Craig Ozancin wrote: > > enumeration != taxonomy > >True, But can we draw parallels between the two? My former student, Ivan Krsul, had a long explanation about the difference between the two in his Ph.D. thesis. Basically, we don't have underlying morphological or ontological structures identified that will allow us to come up with an unambiguous taxonomy at this time. An enumeration is about the best we can hope for without further research and insight into the nature of vulnerabilities (and the policies on which they depend). - --spaf -----BEGIN PGP SIGNATURE----- Version: PGP 6.0.2 iQA/AwUBN0LoRhIUaHPadf5hEQLsdgCgw0A/gqGWrAfuG+hPemDs9DVYUeIAn39h 1Ip62HYOtPgwA7kjLygte3g6 =GvOz -----END PGP SIGNATURE-----
|
||||
