|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Proposal: CVE candidate/approved numbering scheme
1. Mitre (or Mitre-controlled automatic mechanism) should fill in all CMEX fields for Candidates. There's no need for this to be left to the proposer (and we probably don't want to leave it to them either). - name (automatic) - creation date (automatic) - id/name of the CNA who proposed it (based on site access ID - Login/SMIME Cert/PGPkey?) - status (always PENDING) - status explanation (blank - filled in after discussion) 2. There needs to be some mechanism for easily retrieving numerous CAN-numbers. (i.e. we do not want to have to repeatedly hit a "Submit" button on a web page to generate 10 numbers for reservation). 3. When the CVE is searched with a CAN-number, it should return a link to the CAN-webpage *if* the CAN-number has been assigned. No point frustrating folks by saying it doesn't exist on one page to have them search again on another. 4. The results of an enquiry for a CAN-number on the CAN-webpage should provide a contact to the proposer. (i.e. imagine a vendor who has been told about some CAN-number by some 3rd party and wants to get involved in the discussion to provide a fix) Your status field definitions could probably use some discussion, but for the sake of time to implementation, we can defer that until we get rolling. Cheers, Russ - NTBugtraq Editor
|
||||
