[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
Re: CD PROPOSAL: SYSCON (Interim Decision 8/24)
REJECT.
While sys admins are among the beneficiaries, there are others also. How
could this rule help us or be used? The only way I can think would be to
give some proclaimed operational type some leverage to dismiss other
viewpoints. Not what we need.
I believe there is value in considering what we do in light of the
practicalities, as well as the purity, of what we are creating here, but
I do not think any such special status is warranted.
Bill
"Steven M. Christey" wrote:
> Please vote on this pervasive content decision using the space
> provided below. This content decision is scheduled for Interim
> Decision on August 24.
>
> - Steve
>
> Content Decision: SYSCON (System Administrator Consideration)
> -------------------------------------------------------------
>
> VOTE:
>
> (Member may vote ACCEPT, MODIFY, REJECT, or NOOP.)
>
> Short Description
> -----------------
>
> All content decisions and individual CVE vulnerabilities must be
> considered in light of system administrators and security analysts,
> who are the ultimate beneficiaries of the CVE.
>
> Rationale
> ---------
>
> Security tools (such as assessment tools and IDSes), vulnerability
> databases, and academic research all have an ultimate goal of helping
> an enterprise to make itself more secure from attack. Within the
> enterprise, system administrators and security analysts are the
> individuals who perform the bulk of the work involved in securing
> systems - applying patches, conducting assessments, keeping current
> with new vulnerabilities, etc.
>
> One of the goals of the CVE is to facilitate data sharing among
> security tools and databases. Therefore, its content decisions and
> individual vulnerability entries should consider the impact and usage
> to system administrators and security analysts, despite the
> expectation that they might not use the CVE directly itself.
begin:vcard
n:Hill;William
tel;work:703-883-6416
x-mozilla-html:TRUE
org:The MITRE Corporation
adr:;;1820 Dolley Madison Blvd;McLean;VA;22102;
version:2.1
email;internet:bill@mitre.org
title:INFOSEC Engineer
fn:Bill Hill
end:vcard
S/MIME Cryptographic Signature