[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
RE: CD PROPOSAL: DIFFUNC (Interim Decision 8/24)
ACCEPT
> -----Original Message-----
> From: Steven M. Christey [mailto:coley@LINUS.MITRE.ORG]
> Sent: Tuesday, August 17, 1999 4:43 PM
> To: cve-editorial-board-list@lists.mitre.org
> Subject: CD PROPOSAL: DIFFUNC (Interim Decision 8/24)
>
>
> Please vote on this pervasive content decision using the space
> provided below. This content decision is scheduled for Interim
> Decision on August 24.
>
> - Steve
>
>
>
> Content Decision: DIFFUNC (Different Function, Different
> Vulnerability)
> --------------------------------------------------------------
> ---------
>
> VOTE:
>
> (Member may vote ACCEPT, MODIFY, REJECT, or NOOP.)
>
>
> Short Description
> -----------------
>
> Distinguish between components, systems, and executables that are
> functionally different.
>
>
> Rationale
> ---------
>
> This is a pervasive content decision that provides high-level guidance
> for distinguishing vulnerabilities in the CVE. The definition of
> "functionally different" is left vague, but refinements may be made
> more explicit using other content decisions.
>
>
> Examples
> --------
>
> Servers are functionally different than clients. Mail servers are
> functionally different than FTP or HTTP servers. Unix is functionally
> different than Windows NT. A configuration problem related to
> passwords is functionally different than a problem in the access
> permissions of a file system. A password is not functionally
> different than a community name, a passphrase, or an NIS domain name
> (though the services that *use* these "passwords" are functionally
> different).
>