[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: The CVE-10K Problem

As a consumer of that information and a tool vendor, we had no problem
at all with Red Hat's change.  

The CAN change did impact us as there was product code removed, backend
graduation processing disabled and data that had to be updated in the
field.  These were not a problem for us because we were given enough
time to plan the transition.

Kent Landfield
Director, Security Research
McAfee, Inc.
+1 972.963.7096 Direct
+1 817.637.8026 Mobile
-----Original Message-----
From: owner-cve-editorial-board-list@LISTS.MITRE.ORG
[mailto:owner-cve-editorial-board-list@LISTS.MITRE.ORG] On Behalf Of
Steven M. Christey
Sent: Tuesday, January 16, 2007 11:17 AM
To: Mark J Cox
Cc: Steven M. Christey; cve-editorial-board-list@LISTS.MITRE.ORG
Subject: Re: The CVE-10K Problem

On Mon, 15 Jan 2007, Mark J Cox wrote:

> Red Hat itself moved from 3 digit to 4 digit advisory identifiers at
> start of 2006 (we added several new products and we share identifiers
> between security and non-security updates).

I forgot to bring this up in my original message.  What problems, if
did Red Hat consumers encounter with this change?

Given that there were relatively few complaints with our change from
to CVEs, maybe the upcoming CVE-10K change would not be too problematic

- Steve

Page Last Updated or Reviewed: May 22, 2007