RE: The nomenclature process in other fields

There is no relationship between a taxonomy and the CVE, and we should
all strive to ensure one doesn't get drawn until Spaf gets
acceptance/adoption through CERIAS for something serious. The
implications of a taxonomy are huge, and if it hasn't been fully
vetted in the educational community, I fear it would only further
confuse the user community (not to mention our CVE efforts).

A taxonomy is directly applicable to a Vulnerability Database (VdB).
The CVE is definitely not a VdB. The CMEX is fearfully close to
becoming a VdB, but I believe we all know we'll have to minimize its
possible functionality to avoid it becoming one.

We're certainly, I believe, in a rare situation of trying to enumerate
before a taxonomy has been defined, let alone accepted. Such is the
distinct nature of the items we're working with. Keeping this
distinction in mind will help, I believe, to reduce the pressures some
feel about the approaches we're considering. Imagine what will happen
when our CVE numbers start appearing in patents...;-[

Hopefully, before that time, the CERIAS VdB effort will have borne,
um, more fruit.

Russ - NTBugtraq Editor


Page Last Updated or Reviewed: May 22, 2007