|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: CD MODIFICATION: INCLUSION version 2 - Interim Decision 8/30
At 6:59 PM -0400 8/24/99, Steven M. Christey wrote: >VOTE: ACCEPT > >(Member may vote ACCEPT, MODIFY, REJECT, or NOOP.) > > > >Content Decision: INCLUSION (What to include in the CVE) >-------------------------------------------------------- > >Modified: 08/24/1999 > >A candidate entry may be included in the CVE if all of the following >conditions hold: > >1) It satisfies either the CVE vulnerability definition or the CVE >exposure definition > >2) It does not satisfy any Exception (see other content decisions) > >3) At least 50% of active voting members vote on the candidate, and >there are more votes for inclusion (ACCEPT/MODIFY) than exclusion >(REJECT). An active voter is one who has voted on the particular >candidate or voted for some candidate in the previous two weeks (or >several times in the previous month), and has not declared themselves >to be inactive. > >4) Either: > - at least 3 non-MITRE members vote for inclusion, *OR* > - the candidate entry predates the initial public release > of the CVE, and > - at least 2 non-MITRE members vote for inclusion, and > - either the entry is confirmed by the vendor, or it is tested by > at least one well-known security tool (or mentioned in at least > one well-known vulnerability database) that is not associated > with a Board member who voted for the candidate > >5) The Moderator has determined that further discussion of the >candidate will not affect the decision with respect to the candidate, >*or* it is in the best interests of the CVE to make a decision.
|
||||
