Re: Issues for configuration problems in the CVE

To: cve-editorial-board-list@lists.mitre.org
Subject: Re: Issues for configuration problems in the CVE
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Fri, 16 Jul 1999 13:13:08 -0400 (EDT)
Sender: owner-cve-editorial-board-list@lists.mitre.org

Gene Spafford wrote:

>When I first had a student (Taimur Aslam) look at classifications of
>problems, configuration errors fell out as one category.  However, we
>found there were some ambiguities with user interface error, and
>incorrect documentation.  If something is misconfigured because the
>documentation is unclear (or wrong), is that a bug?  If so, where?  In
>the software that doesn't match the documentation, or in the
>documentation that doesn't match the software?

I see why the questions needs to be asked from a perspective of
classification and explanation; however, I don't think this particular
issue has much of an impact on the CVE.  The configuration problem
exists because of something a user did, regardless of how the user did
it or why they did it.  I believe that's sufficient for the CVE.

- Steve

Follow-Ups:
- Re: Issues for configuration problems in the CVE
  - From: Gene Spafford <spaf@cs.purdue.edu>

Prev by Date: CVE Review meetings 7/29-30 and 8/12-13 in Bedford, MA
Next by Date: Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
Prev by thread: Re: Issues for configuration problems in the CVE
Next by thread: Re: Issues for configuration problems in the CVE
Index(es):
- Date
- Thread

Page Last Updated: May 22, 2007

Common Vulnerabilities and Exposures

Re: Issues for configuration problems in the CVE