[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CD PROPOSAL: SYSCON (Interim Decision 8/24)


This is unnecessarily limiting. From the perspective of a tool vendor, it
fits well. However I can't see why we need language that would limit the CVE
content in this way.

> -----Original Message-----
> From: Steven M. Christey [mailto:coley@LINUS.MITRE.ORG]
> Sent: Tuesday, August 17, 1999 4:46 PM
> To: cve-editorial-board-list@lists.mitre.org
> Subject: CD PROPOSAL: SYSCON (Interim Decision 8/24)
> Please vote on this pervasive content decision using the space
> provided below.  This content decision is scheduled for Interim
> Decision on August 24.
> - Steve
> Content Decision: SYSCON (System Administrator Consideration)
> -------------------------------------------------------------
> (Member may vote ACCEPT, MODIFY, REJECT, or NOOP.)
> Short Description
> -----------------
> All content decisions and individual CVE vulnerabilities must be
> considered in light of system administrators and security analysts,
> who are the ultimate beneficiaries of the CVE.
> Rationale
> ---------
> Security tools (such as assessment tools and IDSes), vulnerability
> databases, and academic research all have an ultimate goal of helping
> an enterprise to make itself more secure from attack.  Within the
> enterprise, system administrators and security analysts are the
> individuals who perform the bulk of the work involved in securing
> systems - applying patches, conducting assessments, keeping current
> with new vulnerabilities, etc.
> One of the goals of the CVE is to facilitate data sharing among
> security tools and databases.  Therefore, its content decisions and
> individual vulnerability entries should consider the impact and usage
> to system administrators and security analysts, despite the
> expectation that they might not use the CVE directly itself.

Page Last Updated or Reviewed: May 22, 2007