[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: The nomenclature process in other fields

Hash: SHA1

As we discovered in the last DataBase Vulnerability Working Group at
Spaf's place, a taxonomy is more than we want to do.  On the other
hand the convention selected needs to be precise enough to
differentiate between similar but different vulnerabilities.
- -mike
- -----Original Message-----
From: Gene Spafford [mailto:spaf@cs.purdue.edu]
Sent: Wednesday, May 19, 1999 11:24 AM
To: Craig Ozancin
Cc: cve-review@linus.mitre.org
Subject: RE: The nomenclature process in other fields

At 11:54 AM -0400 5/19/99, Craig Ozancin wrote:
> > enumeration != taxonomy
>True, But can we draw parallels between the two?

My former student, Ivan Krsul, had a long explanation about the 
difference between the two in his Ph.D. thesis.   Basically, we don't 
have underlying morphological or ontological structures identified 
that will allow us to come up with an unambiguous taxonomy at this 
time.   An enumeration is about the best we can hope for without 
further research and insight into the nature of vulnerabilities (and 
the policies on which they depend).

- --spaf

Version: PGP 6.0.2


Page Last Updated or Reviewed: May 22, 2007