RE: The CVE-10K Problem
As a consumer of that information and a tool vendor, we had no problem
at all with Red Hat's change.
The CAN change did impact us as there was product code removed, backend
graduation processing disabled and data that had to be updated in the
field. These were not a problem for us because we were given enough
time to plan the transition.
Director, Security Research
+1 972.963.7096 Direct
+1 817.637.8026 Mobile
[mailto:owner-cve-editorial-board-list@LISTS.MITRE.ORG] On Behalf Of
Steven M. Christey
Sent: Tuesday, January 16, 2007 11:17 AM
To: Mark J Cox
Cc: Steven M. Christey; cve-editorial-board-list@LISTS.MITRE.ORG
Subject: Re: The CVE-10K Problem
On Mon, 15 Jan 2007, Mark J Cox wrote:
> Red Hat itself moved from 3 digit to 4 digit advisory identifiers at
> start of 2006 (we added several new products and we share identifiers
> between security and non-security updates).
I forgot to bring this up in my original message. What problems, if
did Red Hat consumers encounter with this change?
Given that there were relatively few complaints with our change from
to CVEs, maybe the upcoming CVE-10K change would not be too problematic