
Re: CVE ID Syntax Vote - results and next steps



This may seem a nit, but I'd like to add at least one option with
trailing zeros.  I always have trouble scanning columns of numbers
when I have to ignore the zeros at the start.

Adam

On Fri, Apr 19, 2013 at 05:01:24PM +0000, Kent_Landfield@McAfee.com wrote:
| There is one additional possibility that I did not include.  
| 
| OPTION H: Year + 12 digits, no leading 0's except IDs 1 to 999
| 
| Kent Landfield
| 
| McAfee | An Intel Company
| Direct: +1.972.963.7096 
| Mobile: +1.817.637.8026
| Web: www.mcafee.com
| 
| From: <Landfield>, Kent Landfield <Kent_Landfield@McAfee.com>
| Date: Friday, April 19, 2013 11:42 AM
| To: "cve-editorial-board-list@LISTS.MITRE.ORG" <
| cve-editorial-board-list@LISTS.MITRE.ORG>
| Subject: Re: CVE ID Syntax Vote - results and next steps
| 
| 
|     Can we have a quick poll on the combined set of existing options and the
|     ones Art has listed below?  I'd think a re-whittling of the choices may get
|     us to a better place to conduct a vote. 
|       + Do you desire a static length of the CVE IDs? --Yes ? No
|       + If so, what length do you feel would be acceptable to you?-- 6 ? 7 ? 12
|         ? More? -- Something else?
|     Here are options that combine what Art listed as well as the original two
|     options. The original Option C has been dropped from this poll as a result
|     of the initial vote.
| 
|     OPTION A: Year + 6 digits, with leading 0's
| 
|     OPTION B: Year + arbitrary digits, no leading 0's except IDs 1 to 999
| 
|     OPTION D: Year + 7 digits with leading 0's
| 
|     OPTION E: Year + 12 digits with no leading zeros.
| 
|     OPTION F: Year + 12 digits with no leading zeros, starting at 1000 for each
|     year.
| 
|     OPTION G: Year + Infinite digits with no leading zeros, starting at 1000
|     for each year.
| 
|     Just want to take a pulse as to where we are?
| 
|     Kent Landfield
| 
|     McAfee | An Intel Company
|     Direct: +1.972.963.7096 
|     Mobile: +1.817.637.8026
|     Web: www.mcafee.com
| 
|     From: Art Manion <amanion@cert.org>
|     Date: Thursday, April 18, 2013 11:19 PM
|     To: "Booth, Harold" <harold.booth@nist.gov>
|     Cc: "cve-editorial-board-list@lists.mitre.org" <
|     cve-editorial-board-list@LISTS.MITRE.ORG>
|     Subject: Re: CVE ID Syntax Vote - results and next steps
| 
| 
|         -----BEGIN PGP SIGNED MESSAGE-----
|         Hash: SHA1
| 
| 
|         On 2013-04-18 22:34, Booth, Harold wrote:
| 
|         | I would also add that with an Option B with no leading zeros,
|         | including less than four digits, a transition of sorts is available
|         | for the first year (or more) if CVE identifiers started at 1000.
|         | Until the 9000'th CVE tools would successfully chug along giving
|         | everyone a bit more transition time. This could allow even more
|         | time depending on the eventual number of CVEs created. Whereas with
|         | an Option A with padding there is no such transition, and whatever
|         | number of digits are agreed to are included in every CVE from the
|         | beginning (in 2014?).
| 
|         For the sake of further discussion, by no means an official set of
|         choices...
| 
|         Option D:  Seven numeric characters with leading zeros.
| 
|         Option E:  Twelve numeric characters, no leading zeros.
| 
|         Option F:  Twelve numeric characters, no leading zeros, starting at
|         1000 for each year.
| 
|         Option G:  Infinite numeric characters, no leading zeros, starting at
|         1000 for each year.
| 
|         I picked 12 because someone suggested 10+.  I'm also saying "numeric
|         characters" to raise the issue of treating everything after "CVE" or
|         "CVE-YYYY" as a string.  Not sure that capping it makes much
|         difference.
| 
|         Not sure this covers all the recently discussed options.
| 
|         Also not sure how to handle this situation procedurally?  Declare a
|         mistrial and prepare another ballot, after further discussion?
| 
| 
|         ~ - Art
|         -----BEGIN PGP SIGNATURE-----
|         Version: GnuPG v1.4.13 (Darwin)
|         Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
| 
|         iEYEARECAAYFAlFwxdoACgkQk/8FEDbCaKOPEgCgnbaNJBjQESDRgZIBfEkbwhGy
|         ZvkAoKAsHLKb4sYDNP+kd3buSlenErhb
|         =wcLt
|         -----END PGP SIGNATURE-----
| 
| 
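
An added example, not part of the original thread: it renders IDs under options A through H as listed above and reports where a four-digit-only consumer first rejects an ID and whether plain string sorting keeps numeric order. The `LEGACY` pattern, the `OPTIONS` table and all function names are assumptions made for illustration; "no leading 0's except IDs 1 to 999" is read as padding to four digits.

```python
import re

# Assumption: a pre-change tool accepts exactly four digits after the year.
LEGACY = re.compile(r"CVE-\d{4}-\d{4}")

# option -> (zero-pad width, first number of each year, max digits or None)
# Constructed from the option list in the thread; "no leading 0's except
# IDs 1 to 999" is read here as "pad to four digits", as in the old syntax.
OPTIONS = {
    "A": (6, 1, 6),
    "B": (4, 1, None),
    "D": (7, 1, 7),
    "E": (1, 1, 12),
    "F": (1, 1000, 12),
    "G": (1, 1000, None),
    "H": (4, 1, 12),
}

def format_id(option, year, seq):
    """Render the seq-th ID assigned in `year` (seq counts from 1)."""
    pad, first, max_digits = OPTIONS[option]
    digits = str(first + seq - 1).zfill(pad)
    if max_digits is not None and len(digits) > max_digits:
        raise ValueError(f"option {option} cannot encode ID number {seq}")
    return f"CVE-{year}-{digits}"

def legacy_accepts(cve_id):
    return LEGACY.fullmatch(cve_id) is not None

def first_legacy_failure(option, year=2014, limit=20000):
    """Return the 1-based position of the first ID a legacy tool rejects."""
    for seq in range(1, limit + 1):
        if not legacy_accepts(format_id(option, year, seq)):
            return seq
    return None

def lexical_sort_is_numeric(option, year=2014, count=12000):
    """True if sorting the first `count` IDs as strings keeps numeric order."""
    ids = [format_id(option, year, s) for s in range(1, count + 1)]
    return sorted(ids) == ids

if __name__ == "__main__":
    for opt in sorted(OPTIONS):
        print(opt, format_id(opt, 2014, 1), first_legacy_failure(opt),
              lexical_sort_is_numeric(opt))
```

Under these assumptions the padded options fail a four-digit consumer on the first ID of the year, while the options that start at 1000 fail only at the 9001st, which is the transition window Harold Booth describes.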


Page Last Updated or Reviewed: October 03, 2014