RE: Proposal: CVE candidate/approved numbering scheme
>Just exactly why would you need CAN-numbers in bulk? The most
>vulnerabilities I've ever seens any one organization publish in
>a single day has been three or four.
Whenever a new CNA comes on board, they are likely to believe they will
have a number of Candidates that are not already in the CVE. They may
also prefer to have numbers ready in advance of a discovery just to
avoid having to pick them up one at a time. I am not imagining that
every CNA will want hundreds of numbers at their finger-tips, but their
internal mechanisms may dictate that they have some on hand.
It was just a suggetion to allow the mechanism to scale to any demand
rather than to assume they'll always be a one-to-one relationship
between discovery and picking up a CAN number.
Not crucial, just a nice-to-have.
Russ - NTBugtraq Editor