Validation of CVE candidate vulnerabilities to begin Friday 6/4
This Friday, I plan to provide you with an initial list of 50
vulnerabilities in the current CVE (i.e. version 199904290013) that I
believe will be "easily" approved. I will also present an additional
"schedule" for reviewing the remaining vulnerabilities (and the new
ones that have cropped up since the initial limited CVE release).
I will use the candidate numbering scheme that most of us have agreed
to try. Adam Shostack has graciously declined further comment in the
interest of moving forward, but his reticence is duly noted ;-)
Expect an updated, high-level schedule from Dave Mann in the next day
or so regarding all CVE-related activities. In short, we are going to
develop a schedule that gives the Editorial Board members sufficient
time to review and discuss content issues, while also incurring "hard
deadlines" for when we publicly announce the CVE. More details will
be forthcoming from Dave.
I hope you enjoyed the past few weeks of relative quiet on this list.
I expect that's about to change ;-)