[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Candidate numbering scheme


Having done some serious traveling last week I was somewhat brain dead when
I made my last posts.

I have given the candidate numbering scheme some thought.

1. We definitely need the candidate numbering scheme. It give the steering
committee a common reference to the vulnerability.

2. If these number are public, how will be get people to stop using them
when vulnerabilities are accepted and given a real CVE number. Once some
starts referring to a candidate number, they are likely to continue to refer
to that number even after the it receives a official CVE number.

3. If the vulnerability is not made public until an official CVE number is
assigned, we will miss out on the discussions/validations that an open
public forum will give us.

These are just my current thoughts. I think that the CVE is a great step in
the right direction. 

Craig Ozancin
AXENT Technologies

Page Last Updated or Reviewed: May 22, 2007