[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Candidate numbering scheme
- To: cve-review@linus.mitre.org
- Subject: Candidate numbering scheme
- From: "Steven M. Christey" <coley@linus.mitre.org>
- Date: Thu, 13 May 1999 15:40:58 -0400 (EDT)
All: We seemed pretty much agreed that there should be a separate numbering scheme for "candidate" vulnerabilities that are proposed to the input forum. We might be able to have a mailing list which utilizes some sort of ticketing system, but that would make it difficult to identify multiple vulnerabilities in the same email. I propose a numbering scheme such as: CAN-<id>-YYYYMMDDn where <id> is an "official" ID that identifies the proposer, YYYYMMDD is the year/month/date, and "n" separates multiple vulnerabilities that the proposer um, proposes on the same date. The benefit of the date in the ID is that we can immediately see which candidates are getting "old." In the short term, the proposer could take the responsibility for ensuring that their number is unique, and the encoded date helps that. In the longer term, it may be better to have an external mechanism that proposers can access to get more arbitrary numbers that are guaranteed to be unique. I believe that Russ and Adam may have some ideas on such a mechanism. - Steve
- Follow-Ups:
- Re: Candidate numbering scheme
- From: Adam Shostack <adam@netect.com>
- Re: Candidate numbering scheme
- Prev by Date: Methods for validating the current CVE
- Next by Date: Re: Candidate numbering scheme
- Prev by thread: RE: Methods for validating the current CVE
- Next by thread: Re: Candidate numbering scheme
- Index(es):
