[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
Re: Candidate numbering scheme
>| CAN-<id>-YYYYMMDDn
>| where <id> is an "official" ID that identifies the proposer, YYYYMMDD
>| is the year/month/date, and "n" separates multiple vulnerabilities
>| that the proposer um, proposes on the same date. The benefit of the
>| date in the ID is that we can immediately see which candidates are
>| getting "old." In the short term, the proposer could take the
>| responsibility for ensuring that their number is unique, and the
>| encoded date helps that.
>
>If N will become the CVE-N, I think this will work fine. Otherwise,
>we need to add references to CAN-NETECT-19990514A to CVE-00666 to
>reference the discussion that lead to its acceptance.
I don't think we would be able to guarantee that any "n" would become
CVE-N. When the "official" decision is announced for including a
candidate into the CVE, it can link the candidate number(s) and the
associated CVE numbers. A "summary" of outstanding candidates could
be posted on a semi-regular basis.
To ease sorting, perhaps it would be better to have the date appear
earlier in the format, e.g. CAN-19990514-NETECT-A
- Steve