[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE ID Syntax Vote - results and next steps



On Thu, 18 Apr 2013 14:30:58 -0500
security curmudgeon <jericho@attrition.org> wrote:

> And this speaks to my point about selfish desires. You are making this 
> decision based on YOUR company, and YOUR development cycles that will be 
> used to change the scheme internally. This is not voting in the interest 
> of the community at all.
> 
...

Please explain what you mean by "community" -- I thought McAfee was part of it,
and that their concerns would be shared by a part of the community. What costs
them could also cost people (customers) using the security products of a number
of vendors.

> I will be the community advocate on this response:
> 
> So what? Your problem, not mine.

Isn't that response selfish?  I'm sorry, I don't understand.  I guess I also
expressed "selfish" opinions and reasons to vote the way I did, but I don't
think they're invalid or inappropriate.  I believe that our mission as board
members is to strike a balance between the theoretical best and the realities
of creating, using and applying the CVE.  Part of it is also to share
our considerations of the use cases we understand and experience, which makes
our opinions somewhat representative of people with similar needs and interests.
I don't know nearly enough to say what's best for all the stakeholders in the
CVE (community?).  

Pascal


 
Page Last Updated: June 26, 2013