[CVEPRI] New content decisions to be proposed
The proposal and discussion of CVE content decisions will begin today.
The first 3 CD's to be proposed are CD:VOTE, CD:SF-EXEC, and
CD:SF-LOC. I view these as the most critical content decisions at
For a refresher on the content decision adoption process, see
Each CD will be discussed for 1 month, after which a vote will be
held. Modifications will be made to the CD's as feedback occurs.
Many CD's will include specific examples, a URL which lists all
affected candidates, and a semi-formal method for applying the CD.
CD:VOTE modifies candidate voting rules, much of it based on feedback
from the AXENT Editorial Board meeting. The most significant change
is that it allows MITRE to cast votes, which was informally approved
by the attendees at the AXENT meeting and documented in
[CVEPRI]-tagged posts to the Editorial Board list without any
subsequent protest by those who did not participate in the
CD:SF-LOC applies to cases in which multiple bugs appear in the same
executable, but in different lines of code (LOC). CD:SF-LOC affects
53 candidates, and about 20 of those are related to vendor advisories.
CD:SF-EXEC applies to cases in which the same bug appears in multiple
executables. CD:SF-EXEC affectes 34 candidates, and about 10 of them
are related to vendor advisories.
Subsequent CD's will be documented and finalized in the coming months.