[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE ID Syntax Vote - results and next steps

Harold,

Thank you for the comment as I think it is spot on.  I too think a more expanded Option A is an reasonable alternative. I have stated before McAfee felt that 6 digits was just too short for the future proofing and if extended to 7 or more we may have changed our vote.  I see problems with option B but future proofing was really the driving factor for our decision. I'd like to second Harold's request to reconsider Option A length.   

Kent Landfield

McAfee | An Intel Company
Direct: +1.972.963.7096 
Mobile: +1.817.637.8026
Web: www.mcafee.com

From: <Booth>, Harold <harold.booth@nist.gov>
Date: Thursday, April 18, 2013 10:38 AM
To: "Christey, Steven M." <coley@mitre.org>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: RE: CVE ID Syntax Vote - results and next steps

I agree that a revote using the same options would probably result in more or less the same result. But after reviewing the reasoning for voting, those that voted for Option B were mostly concerned with avoiding the need to change again ("future proofing") while those who voted for Option A seemed to be mostly concerned with the variable length nature of Option B. I share both sets of concerns and I would presume that there is a point where a fixed length identifier would be of an acceptable length that those who voted for Option B could be comfortable with and would address their "future proofing" concerns and those who voted for Option A would not believe would be too long. I would also like to suggest that choosing whether to use leading zeroes or not be separate choice.

Regards,

-Harold

-----Original Message-----
Sent: Monday, April 15, 2013 6:54 PM
To: cve-editorial-board-list
Subject: CVE ID Syntax Vote - results and next steps

All,

Thank you very much for voting!  It may have been 10 years or more since our last formal vote.

We had 18 votes in all, far beyond the simple majority of listed Board members.

For the first choice, the results are:

   Option A - 7
   Option B - 7
   Option C - 4

As noted in our "Procedures and Timeline" email from March 26, item 10 says:

     "At least a simple majority of the votes cast is required for any option to be selected."

For 18 voters, we would need 10 votes for a single option, and obviously that's not the case here.  Option A and Option B are tied.

The only clear decision at this point, is that Option C cannot be selected.  Even among those who voted for Option C as their first choice, their second choices were split - two for Option A, and two for Option B.

We will be in touch with the Board regarding next steps.  It seems reasonable to have a re-vote among the final two options, but given how closely tied A and B are, we may need to clarify procedures to force us to come to a clear and timely decision while preserving the integrity of the process.

As usual, Board members are welcome to share their thoughts with the list.

Thanks,
Steve

P.S. As a side note, during the informal, non-voting, non-binding public feedback phase (which included some Board members), Option A and Option B were also tied, and Option C lagged behind.
Page Last Updated or Reviewed: October 03, 2014