|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [TECH] CD:VAGUE (Vague Vendor Descriptions of Vulnerabilities)
Scott Lawler said: >I'm sure if we beat this to [death] long enough we can come up with a >metric for vagueness too. :-) Funny you should mention that... I'm currently preparing the next CVE version, which means reviewing the candidates that have enough ACCEPT votes, making final modifications, etc. Since CD:VAGUE is so new, *and* this is the first time I've reviewed the major batch of legacy candidates that was proposed in September, I'm finding a number of candidates that are directly affected by CD:VAGUE. Besides the old CERT advisories and other advisories I've alluded to in past emails, I'm running across a few examples that pose the question: "how vague is too vague?" I'll ask this question (and others), and provide specific examples, sometime after a few hundred less questionable candidates are moved to the Interim Decision phase. - Steve
|
||||
