[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Final Decision on Same Attack/Same Codebase to occur next Friday
- To: cve-review@linus.mitre.org
- Subject: Final Decision on Same Attack/Same Codebase to occur next Friday
- From: "Steven M. Christey" <coley@linus.mitre.org>
- Date: Fri, 2 Jul 1999 13:01:17 -0400 (EDT)
All: Next Friday I plan to make a final decision on whether to use a Same Attack or Same Codebase content decision. The interim review meeting at Black Hat will have highly opinionated individuals on both sides of the issue :-) but I will try my best not to be unreasonably influenced by the immediacy of those discussions. At this moment, while Matt Bishop makes a valid point that sometimes "neither" is sufficient, I believe that in general, Same Attack or Same Codebase will cover most of the software flaws that we encounter. Note that to me, this issue will be resolved for software faults *only* (with respect to the CVE anyway). I believe that the nature of the discussion with respect to the other primary CVE categories - i.e. configuration problems and the usage of certain types of services/applications - may have fundamentally different arguments associated with them, and possibly different content decisions (as discussed briefly in the tech paper). I will present those issues at a later time. - Steve
- Prev by Date: Re: Survey: Use of Same Attack/Same Codebase content decision in VDB's
- Next by Date: RE: List configuration question: Reply to Sender, or to List?
- Prev by thread: RE: List configuration question: Reply to Sender, or to List?
- Next by thread: FINAL DECISION: ACCEPT 16 candidates from CERT MODIFY-01
- Index(es):
