[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Candidate numbering scheme




>| 	CAN-<id>-YYYYMMDDn
>| where <id> is an "official" ID that identifies the proposer, YYYYMMDD
>| is the year/month/date, and "n" separates multiple vulnerabilities
>| that the proposer um, proposes on the same date.  The benefit of the
>| date in the ID is that we can immediately see which candidates are
>| getting "old."  In the short term, the proposer could take the
>| responsibility for ensuring that their number is unique, and the
>| encoded date helps that.
>
>If N will become the CVE-N, I think this will work fine.  Otherwise,
>we need to add references to CAN-NETECT-19990514A to CVE-00666 to
>reference the discussion that lead to its acceptance.  

I don't think we would be able to guarantee that any "n" would become
CVE-N.  When the "official" decision is announced for including a
candidate into the CVE, it can link the candidate number(s) and the
associated CVE numbers.  A "summary" of outstanding candidates could
be posted on a semi-regular basis.

To ease sorting, perhaps it would be better to have the date appear
earlier in the format, e.g. CAN-19990514-NETECT-A

- Steve

Page Last Updated or Reviewed: May 22, 2007