RE: [CVEPRI] CVE accuracy, consistency, stability, and timeliness



Andre Frech asked:

>Being more specific helps all communities; the more exacting
>communities could have a method for organizing or excluding what they
>believe is spurious, but you can never reference what's not there.
>
>Whatever you do, try and avoid the shopping carts mentioned in those
>11 CANs.) :-) :-)

Actually, recent discussions make it clear what to do with shopping
cart vulnerabilities.  Consider:

1) The exploits are usually different

2) The problems are present in products owned by many different
   vendors

3) The products often provide somewhat different functionality

4) Many of the products don't have source code, so you can only guess
   at whether they have the same bugs or not

There is no conclusive evidence that these problems all arise from the
same code.  Therefore, to follow "Board Doctrine" as it were, they
should remain SPLIT until someone proves otherwise. :-)

- Steve

Page Last Updated or Reviewed: May 22, 2007