[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CD PROPOSAL: DIFFUNC (Interim Decision 8/24)

ACCEPT

"Steven M. Christey" wrote:
> 
> Please vote on this pervasive content decision using the space
> provided below.  This content decision is scheduled for Interim
> Decision on August 24.
> 
> - Steve
> 
> Content Decision: DIFFUNC (Different Function, Different Vulnerability)
> -----------------------------------------------------------------------
> 
> VOTE:
> 
> (Member may vote ACCEPT, MODIFY, REJECT, or NOOP.)
> 
> Short Description
> -----------------
> 
> Distinguish between components, systems, and executables that are
> functionally different.
> 
> Rationale
> ---------
> 
> This is a pervasive content decision that provides high-level guidance
> for distinguishing vulnerabilities in the CVE.  The definition of
> "functionally different" is left vague, but refinements may be made
> more explicit using other content decisions.
> 
> Examples
> --------
> 
> Servers are functionally different than clients.  Mail servers are
> functionally different than FTP or HTTP servers.  Unix is functionally
> different than Windows NT.  A configuration problem related to
> passwords is functionally different than a problem in the access
> permissions of a file system.  A password is not functionally
> different than a community name, a passphrase, or an NIS domain name
> (though the services that *use* these "passwords" are functionally
> different).

-- 
Stuart Staniford-Chen --- President --- Silicon Defense
                   stuart@silicondefense.com
(707) 822-4588                     (707) 826-7571 (FAX)
Page Last Updated or Reviewed: May 22, 2007