[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issues for configuration problems in the CVE

Gene Spafford wrote:

>When I first had a student (Taimur Aslam) look at classifications of
>problems, configuration errors fell out as one category.  However, we
>found there were some ambiguities with user interface error, and
>incorrect documentation.  If something is misconfigured because the
>documentation is unclear (or wrong), is that a bug?  If so, where?  In
>the software that doesn't match the documentation, or in the
>documentation that doesn't match the software?

I see why the questions needs to be asked from a perspective of
classification and explanation; however, I don't think this particular
issue has much of an impact on the CVE.  The configuration problem
exists because of something a user did, regardless of how the user did
it or why they did it.  I believe that's sufficient for the CVE.

- Steve

Page Last Updated or Reviewed: May 22, 2007