|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: CD PROPOSAL: SYSCON (Interim Decision 8/24)
Reject This is unnecessarily limiting. From the perspective of a tool vendor, it fits well. However I can't see why we need language that would limit the CVE content in this way. > -----Original Message----- > From: Steven M. Christey [mailto:coley@LINUS.MITRE.ORG] > Sent: Tuesday, August 17, 1999 4:46 PM > To: cve-editorial-board-list@lists.mitre.org > Subject: CD PROPOSAL: SYSCON (Interim Decision 8/24) > > > Please vote on this pervasive content decision using the space > provided below. This content decision is scheduled for Interim > Decision on August 24. > > - Steve > > > Content Decision: SYSCON (System Administrator Consideration) > ------------------------------------------------------------- > > VOTE: > > (Member may vote ACCEPT, MODIFY, REJECT, or NOOP.) > > > > Short Description > ----------------- > > All content decisions and individual CVE vulnerabilities must be > considered in light of system administrators and security analysts, > who are the ultimate beneficiaries of the CVE. > > > Rationale > --------- > > Security tools (such as assessment tools and IDSes), vulnerability > databases, and academic research all have an ultimate goal of helping > an enterprise to make itself more secure from attack. Within the > enterprise, system administrators and security analysts are the > individuals who perform the bulk of the work involved in securing > systems - applying patches, conducting assessments, keeping current > with new vulnerabilities, etc. > > One of the goals of the CVE is to facilitate data sharing among > security tools and databases. Therefore, its content decisions and > individual vulnerability entries should consider the impact and usage > to system administrators and security analysts, despite the > expectation that they might not use the CVE directly itself. >
|
||||
