Re: Wireless VE
On Thu, 8 Dec 2005, Andy Balinsky wrote:
> There is a new CVE clone effort out there for Wireless vulnerabilities
> (WVE). This brings up several issues:
> - What is the status of CVE, given that the editorial board hasn't had
> any activity for many many months?
I'll tackle this in the next email. Short answer is: we need to revisit
the Board's role(s) and revitalize it as needed.
> - Does this WVE effort detract from CVE and add confusion to the world
> by coming up with a second set of standard names for things that CVE
> covers, too? Or is it good to get more information categorized out there
> in the world?
We are looking into how WVE arose and how credible of an effort it is.
There is only one vendor involved at the time, so it is not clear whether
it will receive wider adoption. There is some overlap, but they link to
CVEs and include things like malware. So from a technical perspective,
they are different, although I am also concerned about confusion.
> Although their entry format is very similar to CVE (as well as their
> structure, including an Editorial Board), they include 2 categories of
> entries: Vulnerabilities and Exploits. They use the same namespace
> (WVE-2005-????) for both vulns & exploits.
We don't know much about trademark law, but the similarity can't be
denied, and I believe we have no choice but to look into it. We certainly
don't want to hamper any legitimate efforts, but as I understand it,
trademark law requires that we must show due diligence in protecting the
CVE trademark. If we do not at least look into this, then that could
cause problems if any future situations were to arise. Hope that made