[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CD PROPOSAL: DIFFUNC (Interim Decision 8/24)

>Content Decision: DIFFUNC (Different Function, Different Vulnerability)


>(Member may vote ACCEPT, MODIFY, REJECT, or NOOP.)
>Short Description
>Distinguish between components, systems, and executables that are
>functionally different.
>This is a pervasive content decision that provides high-level guidance
>for distinguishing vulnerabilities in the CVE.  The definition of
>"functionally different" is left vague, but refinements may be made
>more explicit using other content decisions.
>Servers are functionally different than clients.  Mail servers are
>functionally different than FTP or HTTP servers.  Unix is functionally
>different than Windows NT.  A configuration problem related to
>passwords is functionally different than a problem in the access
>permissions of a file system.  A password is not functionally
>different than a community name, a passphrase, or an NIS domain name
>(though the services that *use* these "passwords" are functionally

Page Last Updated or Reviewed: May 22, 2007