Re: Code Red Vulnerability (CAN-2001-0500)
Stuart Staniford asked:

>It would be somewhat nice to refer to the vulnerability by its CVE
>name, but it's still a candidate at present. Is there any ETA for
>when it might be approved?

CAN-2001-0500 should become CVE-2001-0500 in the next CVE version. It has enough votes. It probably didn't make it into the last version because I didn't ACCEPT any candidates that had only been proposed to the Board within the previous 2 months or so.

After the new round of candidates comes out (brace yourselves for ~200 tomorrow...) I will be working on creating a new CVE version, which will come out in mid-February. This new version should exceed 2000 entries.

While it's theoretically risky to call this CVE-2001-0500 right now, I think it's a very good bet. If you include a link to the CVE web site (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0500), then the CVE web site will bring you to the right record, even if it's still a CAN for some unexpected reason.

The transition of the name from CAN to CVE, and its impact on making candidate numbers "obsolete" in written communications (not to mention voluminous databases), is one reason why I'd like to make the one-time change to the CVE naming scheme as alluded to in various conversations in the past. I'm still thinking about how to do this right, and *when* to do it. But a name that doesn't change from candidate to entry would provide additional stability that would avoid these types of problems.

- Steve