[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fwd: IP: it's time the media started labeling these viruses correctly!
I'm going to be provincial and just address the CVE-related issues here :-) Gene Spafford said: >Imagine if we were to do CVE entries for [each virus]? Note that on occasion, one or two system administrators ask if CVE has entries for viruses. Some of them report that they have difficulty with the different naming schemes used by various virus vendors. They see CVE as a way to resolve this problem. My response is usually twofold: (a) we are staying away from naming things that are already identified by the anti-virus community; and (b) viruses are a high cardinality item, and as such wouldn't have separate entries in CVE, at least as dictated by the HIGHCARD content decision. To my way of thinking, there might be a very small number of entries for a virus (since it falls under the "malicious presence" category), just like there's a small number of candidates for Trojan horses (CAN-1999-0660 and CAN-1999-0661) or other "utilities" like DDos masters or zombies (CAN-2000-0138). People are generally satisfied with this answer, but the fact that they ask indicates that there is some need for a naming convention for viruses. Note that I'm not a virus expert, so I don't know if the list of aliases used in the WildList is sufficient for this use. If you're interested in this issue, also see Joe Wells' article on virus naming issues at http://www.wildlist.org/naming.htm A technical issue with respect to naming viruses in CVE is that CVE's naming space only supports a maximum of 9,999 items per year (although there are some ways of expanding this if necessary, without changing the format of the name). - Steve