[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: The CVE-10K Problem
- To: <coley@rcf-smtp.mitre.org>
- Subject: RE: The CVE-10K Problem
- From: <Kent_Landfield@mcafee.com>
- Date: Thu, 18 Jan 2007 17:40:16 -0600
- Cc: <cve-editorial-board-list@LISTS.MITRE.ORG>
- Delivery-Date: Thu Jan 18 18:40:06 2007
- References: <C1D2BEFA.39AF%alfred_huger@symantec.com> <45AF6E60.2010400@cerias.net> <Pine.GSO.4.51.0701181246410.9345@faron.mitre.org>
- Thread-Index: Acc7KPZ+jmRJ4dKbQrKA0r+gW9Y7UQALzFNA
- Thread-Topic: The CVE-10K Problem
In September I addressed this issue in my presentation at the NIST Security Automation Conference. <grin> While I may have worried some of the Mitre folks with wondering what I was about to say </grin>, I pitched the existing funding issue and the need to assure this and other directly associated efforts were properly supported. The response I received from the government side was very positive. What we need to do is to document the increased growth of issues that have been addressed and then make that very public. Real numbers, real timelines and projected future numbers based on the existing growth curve. That is powerful information to present to the existing sponsors. There is a real need for substantive discussions as to how to support industry foundation projects such as CVE, OVAL, XCCDF, etc. As a first step the case for additional resources needs to be documented and published. -- Kent Landfield Director, Security Research McAfee, Inc. +1 972.963.7096 Direct +1 817.637.8026 Mobile kent_landfield@mcafee.com www.mcafee.com -----Original Message----- From: owner-cve-editorial-board-list@LISTS.MITRE.ORG [mailto:owner-cve-editorial-board-list@LISTS.MITRE.ORG] On Behalf Of Steven M. Christey Sent: Thursday, January 18, 2007 11:49 AM To: pmeunier Cc: Steven M. Christey; cve-editorial-board-list Subject: Re: The CVE-10K Problem On Thu, 18 Jan 2007, pmeunier wrote: > From all the replies, it seems that most of this board stopped reading > after your list of 4 options and missed your additional request for > thoughts regarding funding and related issues. I suggest you resend > that as a separate message. I wanted to raise the latter point as a consideration. This year, probably sooner rather than later, Dave Mann and I expect to be raising the larger funding issues, and considering strategies for coping. The Board seems fairly united on the numbering scheme, so we'll make an announcement and see if general CVE consumers have any major issues. - Steve
- References:
- Re: The CVE-10K Problem
- From: Alfred Huger <alfred_huger@symantec.com>
- Re: The CVE-10K Problem
- From: pmeunier <pmeunier@cerias.net>
- Re: The CVE-10K Problem
- From: "Steven M. Christey" <coley@rcf-smtp.mitre.org>
- Re: The CVE-10K Problem
- Prev by Date: Re: The CVE-10K Problem
- Prev by thread: Re: The CVE-10K Problem
- Index(es):
