|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: The nomenclature process in other fields
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There is no relationship between a taxonomy and the CVE, and we should all strive to ensure one doesn't get drawn until Spaf gets acceptance/adoption through CERIAS for something serious. The implications of a taxonomy are huge, and if it hasn't been fully vetted in the educational community, I fear it would only further confuse the user community (not to mention our CVE efforts). A taxonomy is directly applicable to a Vulnerability Database (VdB). The CVE is definitely not a VdB. The CMEX is fearfully close to becoming a VdB, but I believe we all know we'll have to minimize its possible functionality to avoid it becoming one. We're certainly, I believe, in a rare situation of trying to enumerate before a taxonomy has been defined, let alone accepted. Such is the distinct nature of the items we're working with. Keeping this distinction in mind will help, I believe, to reduce the pressures some feel about the approaches we're considering. Imagine what will happen when our CVE numbers start appearing in patents...;-[ Hopefully, before that time, the CERIAS VdB effort will have borne, um, more fruit. Cheers, Russ - NTBugtraq Editor -----BEGIN PGP SIGNATURE----- Version: PGP 6.0.2 iQA/AwUBN0L0S8+Ua7J6A+woEQKSPQCg/om9jKKE6p/jRtkPiVYlF8paXYYAnR78 EW5GzzAdGdSW+oNo5RDLLgoA =ieqN -----END PGP SIGNATURE-----
|
||||
