[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Candidate numbering scheme

On Thu, May 13, 1999 at 03:40:58PM -0400, Steven M. Christey wrote:
| All:
| We seemed pretty much agreed that there should be a separate numbering
| scheme for "candidate" vulnerabilities that are proposed to the input
| forum.  We might be able to have a mailing list which utilizes some
| sort of ticketing system, but that would make it difficult to identify
| multiple vulnerabilities in the same email.  I propose a numbering
| scheme such as:
| where <id> is an "official" ID that identifies the proposer, YYYYMMDD
| is the year/month/date, and "n" separates multiple vulnerabilities
| that the proposer um, proposes on the same date.  The benefit of the
| date in the ID is that we can immediately see which candidates are
| getting "old."  In the short term, the proposer could take the
| responsibility for ensuring that their number is unique, and the
| encoded date helps that.

If N will become the CVE-N, I think this will work fine.  Otherwise,
we need to add references to CAN-NETECT-19990514A to CVE-00666 to
reference the discussion that lead to its acceptance.  


| In the longer term, it may be better to have an external mechanism
| that proposers can access to get more arbitrary numbers that are
| guaranteed to be unique.  I believe that Russ and Adam may have some
| ideas on such a mechanism.
| - Steve

Page Last Updated or Reviewed: May 22, 2007