RE: CVE ID Syntax Change - Voting Ballot (Deadline April 14, 11:59 PM EDT)
I'm voting for CA Technologies (aka CA). Ballot below.
=====================================================
VOTING BALLOT
=====================================================
*****************************************************
FIRST CHOICE:
OPTION A: Year + 6 digits, with leading 0's
Examples: CVE-2014-000001, CVE-2014-000999, CVE-2014-001234,
CVE-2014-009999, CVE-2014-010000, CVE-2014-054321, CVE-2014-099999,
CVE-2014-100000, CVE-2014-123456, CVE-2014-999999
REASONS (first choice):
Simple, logical, straightforward, and easy for everybody to
understand and transition to. This option is most similar to the
existing/old format too. If we require more than a million
identifiers in one year, we can easily expand this format by adding
more leading zero(s). Another of the advantages of this option is
that it provides a known fixed length for identifiers.
*****************************************************
SECOND CHOICE:
OPTION B: Year + arbitrary digits, no leading 0's except IDs 1 to 999
Examples: CVE-2014-0001, CVE-2014-0999, CVE-2014-1234,
CVE-2014-9999, CVE-2014-10000, CVE-2014-54321, CVE-2014-99999,
CVE-2014-100000, CVE-2014-123456, CVE-2014-999999, CVE-2014-1234567
REASONS (second choice):
This is the next most simple and straightforward option. This option
is not preferred though because of the potential for truncation
errors.
*****************************************************
LAST CHOICE:
OPTION C: Year + arbitrary digits + check digit
Examples: CVE-2014-1-8, CVE-2014-999-3, CVE-2014-1234-3,
CVE-2014-9999-3, CVE-2014-10000-8, CVE-2014-54321-5,
CVE-2014-123456-5, CVE-2014-999999-5, CVE-2014-1234567-4
REASONS (last choice):
This option is not recommended because it is overly complex by
introducing an unnecessary algorithm. The check digit effectively
addresses a problem that never existed, and instead would likely
create problems ... such as CVE implementers/users mistaking it for
a popular versioning scheme (as Brian Martin noted).
*****************************************************
Thanks and regards,
Ken Williams, Director
CA Technologies Product Vulnerability Response Team
CA Technologies Business Unit Operations
wilja22@ca.com