[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CD PROPOSAL: DIFFUNC (Interim Decision 8/24)



Please vote on this pervasive content decision using the space
provided below.  This content decision is scheduled for Interim
Decision on August 24.

- Steve



Content Decision: DIFFUNC (Different Function, Different Vulnerability)
-----------------------------------------------------------------------

VOTE:

(Member may vote ACCEPT, MODIFY, REJECT, or NOOP.)


Short Description
-----------------

Distinguish between components, systems, and executables that are
functionally different.


Rationale
---------

This is a pervasive content decision that provides high-level guidance
for distinguishing vulnerabilities in the CVE.  The definition of
"functionally different" is left vague, but refinements may be made
more explicit using other content decisions.


Examples
--------

Servers are functionally different than clients.  Mail servers are
functionally different than FTP or HTTP servers.  Unix is functionally
different than Windows NT.  A configuration problem related to
passwords is functionally different than a problem in the access
permissions of a file system.  A password is not functionally
different than a community name, a passphrase, or an NIS domain name
(though the services that *use* these "passwords" are functionally
different).

Page Last Updated or Reviewed: May 22, 2007