[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CD PROPOSAL: SYSCON (Interim Decision 8/24)



Please vote on this pervasive content decision using the space
provided below.  This content decision is scheduled for Interim
Decision on August 24.

- Steve


Content Decision: SYSCON (System Administrator Consideration)
-------------------------------------------------------------

VOTE:

(Member may vote ACCEPT, MODIFY, REJECT, or NOOP.)



Short Description
-----------------

All content decisions and individual CVE vulnerabilities must be
considered in light of system administrators and security analysts,
who are the ultimate beneficiaries of the CVE.


Rationale
---------

Security tools (such as assessment tools and IDSes), vulnerability
databases, and academic research all have an ultimate goal of helping
an enterprise to make itself more secure from attack.  Within the
enterprise, system administrators and security analysts are the
individuals who perform the bulk of the work involved in securing
systems - applying patches, conducting assessments, keeping current
with new vulnerabilities, etc.

One of the goals of the CVE is to facilitate data sharing among
security tools and databases.  Therefore, its content decisions and
individual vulnerability entries should consider the impact and usage
to system administrators and security analysts, despite the
expectation that they might not use the CVE directly itself.

Page Last Updated or Reviewed: May 22, 2007