[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Issues for configuration problems in the CVE
- To: cve-editorial-board-list@lists.mitre.org
- Subject: Re: Issues for configuration problems in the CVE
- From: "Steven M. Christey" <coley@linus.mitre.org>
- Date: Fri, 16 Jul 1999 13:13:08 -0400 (EDT)
- Sender: owner-cve-editorial-board-list@lists.mitre.org
Gene Spafford wrote: >When I first had a student (Taimur Aslam) look at classifications of >problems, configuration errors fell out as one category. However, we >found there were some ambiguities with user interface error, and >incorrect documentation. If something is misconfigured because the >documentation is unclear (or wrong), is that a bug? If so, where? In >the software that doesn't match the documentation, or in the >documentation that doesn't match the software? I see why the questions needs to be asked from a perspective of classification and explanation; however, I don't think this particular issue has much of an impact on the CVE. The configuration problem exists because of something a user did, regardless of how the user did it or why they did it. I believe that's sufficient for the CVE. - Steve
- Follow-Ups:
- Re: Issues for configuration problems in the CVE
- From: Gene Spafford <spaf@cs.purdue.edu>
- Re: Issues for configuration problems in the CVE
- Prev by Date: CVE Review meetings 7/29-30 and 8/12-13 in Bedford, MA
- Next by Date: Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
- Prev by thread: Re: Issues for configuration problems in the CVE
- Next by thread: Re: Issues for configuration problems in the CVE
- Index(es):
