[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE ID Syntax change - Round two vote results and comments



On Thu, 23 May 2013, security curmudgeon wrote:

> I would like to know why MITRE made an executive decision for 8
> digits when that was not clearly the concensus of the discussion. This
> type of choice seems to defeat the stated purpose of the editorial board.

The Board was given notice of an 8 digit option, and asked to comment, an 
entire week before the second vote began.

On Tuesday, April 30, we posted a message "Second round of discussion and 
voting for new CVE ID Syntax" to the Editorial Board, in which we 
specifically suggested a year plus 8 digits:

   http://cve.mitre.org/data/board/archives/2013-04/msg00074.html

The only response was from Kent Landfield, showing support for our 
proposal and bringing up a separate topic.

Since there were no additional comments, but it was apparent that our 
email went out to the list, we then proceeded with the vote according to 
the schedule.

>2. The question that has been put to MITRE at least once, if not more, 
>that has gone unanswered is more troubling.

Speaking only for myself, I was reluctant to draw too much attention to 
the fact that we gave a week's notice to the Board, and only one person 
responded.

- Steve


Page Last Updated or Reviewed: October 03, 2014