|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [CVEPRI] March 9-10 Editorial Board Meeting Summary
At 10:17 AM 3/14/00 , you wrote: >Gene must have been eavesdropping on our meeting. Nah, I simply know all and see all. :-) Unfortunately, the view is frequently distressing..... >We also considered things >like ICQ, which is in permanent beta. We basically agreed that mere beta >status is not a reason to exclude things from the CVE. The main criteria for >inclusion would include length of life and wideness of availability. This >does not mean we have to include every security bug in every short-lived >"true" beta. > >Hope this clears things up. > >Andy >----- Original Message ----- >From: Gene Spafford <spaf@CERIAS.PURDUE.EDU> >To: Pascal Meunier <pmeunier@PURDUE.EDU> >Cc: <cve-editorial-board-list@lists.mitre.org> >Sent: Tuesday, March 14, 2000 8:50 AM >Subject: Re: [CVEPRI] March 9-10 Editorial Board Meeting Summary > > >> At 09:09 AM 3/14/00 , Pascal Meunier wrote: >> >>The Board also reviewed CD:EX-BETA. Attendees agreed that CVE should >> >>include problems in beta software, provided that the beta code was >> >>intended for public dissemination. >> > >> >I missed that part. I would like to know why people think that bugs >> >in admittedly buggy, pre-release, short-lived software run by a few >> >people (on hopefully sandboxed or somehow protected or unimportant >> >systems) should be of concern to the CVE. >> >> Unfortunately, the definition of "beta" that you used is not the one used >> by most vendors any more (except the buggy part). Most vendors now >> release traditionally-alpha code onto the net or in other widespread >> release and lots of people adopt it. Mozilla and Windows 2000 are >examples >> of long-lived, widesprad releases of "beta" code. >> >> --spaf >>
|
||||
