CA Technologies Vote: CVE ID Syntax Change
First Choice: Option B
• A sequence of natural numbers is the most straightforward, logical, understandable, and predictable format. No need to use a format more complex than this.
• Infinite expansion, so it will never need to be changed, as Steve noted.
• IDs will not have seemingly excessive 3-4 zeroes of padding (Option A).
• Orgs/users will have extra time to implement changes because it’ll be a few months or longer before we hit 10k, as Steve noted.
• Proposed modifications to CVE scope/coverage may result in contraction, as Mark noted.
• Truncation is a potential problem, as Steve noted.
• Programming logic is slightly more complex, as Steve noted, but should not be a significant problem for CVE integrators/users.
Second Choice: Option A
• Too much padding, looks silly, more difficult to enunciate.
• As Steve mentioned, some might remove padding and cause problems with searches, ID machine processing, etc.
Thanks and regards,
Ken Williams, Director
CA Technologies Product Vulnerability Response Team
CA Technologies Business Unit Operations