[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CD PROPOSAL: CATSPEC (Interim Decision 8/24)



Andre Frech and Stuart Staniford-Chen expressed some confusion with
the use and implications of this content decision.

Andre said, "It almost seems like the methodology can only improve the
content."

CATSPEC, along with DESC-UNIQ and DESC-LOOKUP and some of the content
decisions we'll vote on later, are related to the methodology with
which entries are placed into the CVE.  While they don't have a direct
impact on any CVE vulnerabilities, I have listed them because:
  - (a) they make very explicit *what* goes into the CVE, what it
    looks like, and why
  - (b) they will serve as guidance to anyone who submits a candidate,
    as well as anyone who votes
  - (c) I expect that they will allow shorthand descriptions of why a
    candidate is rejected or modified

I believe that this openness is important since the CVE could be used
for a broad variety of applications.  We want to allow someone to be
able to assess the high-level utility and applicability of the CVE for
their own needs, and tell them what to expect when they see it.


- Steve

 
Page Last Updated: May 22, 2007