[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE ID Syntax Vote - results and next steps
On Thu, 18 Apr 2013, Kent_Landfield@McAfee.com wrote: : So what types of things could POTENTIALLY impact CVE in the future? All listed below are potentials only? : : 1. Increased CNAs in the existing US speaking countries This will no doubt happen. I am also going to start a campaign to yank CNA status from some vendors who are not following established procedure though. : 2. Potential global expansion with other geo-regions using CVE (global CNAs) This has potential to significantly increase CVEs, and we would break 10k quickly. I don't see it breaking 1MIL by any current standard or policy, even if every single country had 10 CNAs. : 3. Automated vulnerability identification means. See previous arguments. I don't consider this valid, despite it being my primary argument of "how to reach 1mil vulns in a year". : 4. Expansion to other evolving technologies such as tablet, mobile, etc. Uh... have you been watching CVE assignments the last few years? Those are already in the fold. This should be reworked to a significant jump in Android applications being analyzed for low hanging fruit, which has the potential to spike it well past 10k, but not into the 1MIL+ mark. : The CVE format cannot be decided based on the landscape today. There Then why are we deciding on a new format, based on the landscape today?