[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Level of Abstraction Issue: Similar Applications, "Same" Vulnerability

Aleph One said:
>On Tue, Jun 29, 1999 at 04:36:08PM -0500, Gene Spafford wrote:
>> If everyone agrees with you, then write up a decision proceedure, and 
>> we move on.
>I am not running this show ;)

I know, I know, *I'm* running this show ;-)

I think this conversation has been productive, though I doubt we'll
all obtain full agreement given how today's discussions are going ;-)
There are clearly two camps.

I'd like the IDS experts to weigh in with their opinion (Kent, Stuart,
Steve?).  Then I'll attempt to gather everyone's comments and "induce"
a well-defined rule set for this particular content decision.

I believe that as long as content decisions such as these are
well-defined and defensible, and applied as consistently as possible,
then the CVE will have gone as far as it can to reflect "consensus."
We can document these debates we're having for further review by
others (whether through public logs of these messages, or some other

- Steve

Page Last Updated or Reviewed: May 22, 2007