[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [COMPAT] Draft NIST Recommendation for CVE-Compatible Products

It's very nice to see the CVE come this far.  Congratulations, Steve!

>The draft NIST recommendation for the usage of CVE-compatible products
>is available for commentary by February 18.
>See http://csrc.nist.gov/publications/drafts.html
>  The draft NIST recommendation "Use of the CVE Vulnerability Naming
>  Scheme Within its Acquired Products and Information Technology
>  Security Procedures" advises agencies on the use of the Common
>  Vulnerability and Exposures (CVE) vulnerability naming scheme. It
>  recommends that agencies give substantial consideration to buying
>  products and services compatible with the CVE naming scheme. The
>  recommendation also advises agencies to periodically monitor their
>  systems for vulnerabilities listed in the CVE vulnerability naming
>  scheme. Agencies are also advised to use the CVE naming scheme in
>  their communications and descriptions of vulnerabilities. You are
>  invited to submit any comments you may have to both Peter Mell and
>  Timothy Grance at peter.mell@nist.gov and timothy.grance@nist.gov by
>  February 18, 2002.
>- Steve

Pascal Meunier, Ph.D., M.Sc.
Assistant Research Scientist,
Purdue University

Page Last Updated or Reviewed: May 22, 2007