[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Naming Working Group



The CVE Board has created a new Working Group, the Naming Working Group. We would like to invite all members of the CVE Board and the CNAs to participate. This Working Group is also open to members of the CWE and CAPEC projects.


The Naming Working Group will review our Abstraction rules. Where there are gaps between different naming systems (such as CVE, CWE, or CAPEC), the Working Group will clearly identify those gaps and consider changes to CVE Abstraction rules to allow for reasonable and consistent naming for these cases. For example, branded security issues (such as FREAK or Badlock) can be far more complex than a typical vulnerability, and formal naming conventions fail to address this kind scenario. (For FREAK, CVE IDs were assigned for the FREAK exploit in many products, but FREAK itself could not be easily "named".)


If you are interested in participating, the first step would be to join the Working Group discussion list, cve-board-naming-list@lists.mitre.org.


To join, either respond to this message or email cve@mitre.org with the request.


Specific agendas and goals will be discussed on that list once it is populated.


Please let us know if you have any questions.






Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: <dadinolfi@mitre.org>  Phone: 781-271-5774




Page Last Updated or Reviewed: January 25, 2017