|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: The CVE-10K Problem
As a consumer of that information and a tool vendor, we had no problem at all with Red Hat's change. The CAN change did impact us as there was product code removed, backend graduation processing disabled and data that had to be updated in the field. These were not a problem for us because we were given enough time to plan the transition. -- Kent Landfield Director, Security Research McAfee, Inc. +1 972.963.7096 Direct +1 817.637.8026 Mobile kent_landfield@mcafee.com www.mcafee.com -----Original Message----- From: owner-cve-editorial-board-list@LISTS.MITRE.ORG [mailto:owner-cve-editorial-board-list@LISTS.MITRE.ORG] On Behalf Of Steven M. Christey Sent: Tuesday, January 16, 2007 11:17 AM To: Mark J Cox Cc: Steven M. Christey; cve-editorial-board-list@LISTS.MITRE.ORG Subject: Re: The CVE-10K Problem On Mon, 15 Jan 2007, Mark J Cox wrote: > Red Hat itself moved from 3 digit to 4 digit advisory identifiers at the > start of 2006 (we added several new products and we share identifiers > between security and non-security updates). I forgot to bring this up in my original message. What problems, if any, did Red Hat consumers encounter with this change? Given that there were relatively few complaints with our change from CANs to CVEs, maybe the upcoming CVE-10K change would not be too problematic either. - Steve
|
||||
