|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: CD MODIFICATION: INCLUSION version 2 - Interim Decision 8/30
Steve Northcutt wrote: >So I understand and agree - candidates that meet the CVE vulnerbility >definition and meet all the criteria may be included in the CVE. I don't >understand why exposures that meet the rest of the conditions should end up >included in the CVE. It seems like this presents a way for these exposure >candidates such as finger, to become members of the class Vulnerabilities, >when in fact they should be members of a class Exposures. Hey! We could >start the CEE :) S. Note that we have proposed changing the name of the CVE to be "Common Vulnerabilities and Exposures." This idea has been accepted offline by most Board members I've spoken to. The trick will be for us Board members to use this new name, which effectively states that this list of "problems" will include both classes. Any discussions about how to discriminate between these two classes should be postponed until sometime after the big splash at SANS. How we discriminate between vulnerabilities and exposures, and what form that information might take, is future work. The current work is to iron out the details of the Interoperability Demo and to approve as many draft CVE entries as is feasible (as associated content decisions are resolved), so that the CVE has a credible introduction to the public. - Steve
|
||||
