[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Level of Abstraction Issue: Similar Applications, "Same" Vulnerability
- To: cve-review@linus.mitre.org
- Subject: Re: Level of Abstraction Issue: Similar Applications, "Same" Vulnerability
- From: "Steven M. Christey" <coley@linus.mitre.org>
- Date: Thu, 8 Jul 1999 01:15:01 -0400 (EDT)
While I know I started this whole thing by saying "Same Attack" in the first place, I agree that there's better terminology to use, because we definitely don't want to emphasize the "attack" aspects of a vulnerability. Andre Frech used the term "Same Issue" which sounds OK, but I'm more in favor of "Same Error." I originally used "same attack" because it seemed to be a relatively concrete and repeatable way to describe the same type of vulnerability. I agree with Russ that the vulnerability exploited by Sechole is different than other vulnerabilities that grant privileges when exploited. In that particular case, it is my inexperience with the details of NT vulnerabilities that caused that particular wording to be used. As Russ pointed out, in some cases we may not be given enough information to truly identify the nature of a vulnerability (it's not just Microsoft that does this). But as more details emerge, perhaps the description can be modified somewhat to be more accurate. - Steve
- Prev by Date: Re: Level of Abstraction Issue: Similar Applications, "Same" Vulnerability
- Next by Date: Expediency or Correctness WAS: Level of Abstraction
- Prev by thread: Re: Level of Abstraction Issue: Similar Applications, "Same" Vulnerability
- Next by thread: RE: Level of Abstraction Issue: Similar Applications, "Same" Vulnerability
- Index(es):
