|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Code Red Vulnerability (CAN-2001-0500)
Thanks Steve. We'll take our chances with the CVE name. Stuart. On Tuesday, January 29, 2002, at 01:47 PM, Steven M. Christey wrote: > Stuart Staniford asked: > >> It would be somewhat nice to refer to the vulnerability by its CVE >> name, but it's still a candidate at present. Is there any ETA for >> when it might be approved? > > CAN-2001-0500 should become CVE-2001-0500 in the next CVE version. It > has enough votes. It probably didn't make it into the last version > because I didn't ACCEPT any candidates that had only been proposed to > the Board within the previous 2 months or so. > > After the new round of candidates will come out (brace yourselves for > ~200 tomorrow...) I will be working on creating a new CVE version, > which will come out in mid-February. This new version should exceed > 2000 entries. > > While it's theoretically risky to call this CVE-2001-0500 right now, I > think it's a very good bet. If you include a link to the CVE web site > (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0500), then > the CVE web site will bring you to the right record, even if it's > still a CAN for some unexpected reason. > > The transition of the name from CAN to CVE, and its impact on making > candidate numbers "obsolete" in written communications (not to mention > voluminous databases), is one reason why I'd like to make the one-time > change to the CVE naming scheme as alluded to in various conversations > in the past. I'm still thinking about how to do this right, and > *when* to do it. But a name that doesn't change from candidate to > entry would provide additional stability that would avoid these types > of problems. > > - Steve >
|
||||
