[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CD MODIFICATION: INCLUSION version 2 - Interim Decision 8/30



At 6:59 PM -0400 8/24/99, Steven M. Christey wrote:
>VOTE:

ACCEPT

>
>(Member may vote ACCEPT, MODIFY, REJECT, or NOOP.)
>
>
>
>Content Decision: INCLUSION (What to include in the CVE)
>--------------------------------------------------------
>
>Modified: 08/24/1999
>
>A candidate entry may be included in the CVE if all of the following
>conditions hold:
>
>1) It satisfies either the CVE vulnerability definition or the CVE
>exposure definition
>
>2) It does not satisfy any Exception (see other content decisions)
>
>3) At least 50% of active voting members vote on the candidate, and
>there are more votes for inclusion (ACCEPT/MODIFY) than exclusion
>(REJECT).  An active voter is one who has voted on the particular
>candidate or voted for some candidate in the previous two weeks (or
>several times in the previous month), and has not declared themselves
>to be inactive.
>
>4) Either:
>   - at least 3 non-MITRE members vote for inclusion, *OR*
>   - the candidate entry predates the initial public release
>     of the CVE, and
>     - at least 2 non-MITRE members vote for inclusion, and
>     - either the entry is confirmed by the vendor, or it is tested by
>       at least one well-known security tool (or mentioned in at least
>       one well-known vulnerability database) that is not associated
>       with a Board member who voted for the candidate
>
>5) The Moderator has determined that further discussion of the
>candidate will not affect the decision with respect to the candidate,
>*or* it is in the best interests of the CVE to make a decision.

Page Last Updated or Reviewed: May 22, 2007