|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [CVEPRI] New content decisions to be proposed
All: The proposal and discussion of CVE content decisions will begin today. The first 3 CD's to be proposed are CD:VOTE, CD:SF-EXEC, and CD:SF-LOC. I view these as the most critical content decisions at this time. For a refresher on the content decision adoption process, see http://cve.mitre.org/Board_Sponsors/archives/msg00848.html Each CD will be discussed for 1 month, after which a vote will be held. Modifications will be made to the CD's as feedback occurs. Many CD's will include specific examples, a URL which lists all affected candidates, and a semi-formal method for applying the CD. CD:VOTE modifies candidate voting rules, much of it based on feedback from the AXENT Editorial Board meeting. The most significant change is that it allows MITRE to cast votes, which was informally approved by the attendees at the AXENT meeting and documented in [CVEPRI]-tagged posts to the Editorial Board list without any subsequent protest by those who did not participate in the face-to-face. CD:SF-LOC applies to cases in which multiple bugs appear in the same executable, but in different lines of code (LOC). CD:SF-LOC affects 53 candidates, and about 20 of those are related to vendor advisories. CD:SF-EXEC applies to cases in which the same bug appears in multiple executables. CD:SF-EXEC affectes 34 candidates, and about 10 of them are related to vendor advisories. Subsequent CD's will be documented and finalized in the coming months. - Steve
|
||||
