Re: Issues for configuration problems in the CVE
Gene Spafford wrote:
>When I first had a student (Taimur Aslam) look at classifications of
>problems, configuration errors fell out as one category. However, we
>found there were some ambiguities with user interface error, and
>incorrect documentation. If something is misconfigured because the
>documentation is unclear (or wrong), is that a bug? If so, where? In
>the software that doesn't match the documentation, or in the
>documentation that doesn't match the software?
I see why the questions needs to be asked from a perspective of
classification and explanation; however, I don't think this particular
issue has much of an impact on the CVE. The configuration problem
exists because of something a user did, regardless of how the user did
it or why they did it. I believe that's sufficient for the CVE.