[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Second Round ID Syntax vote declared valid

Ok, we have a format.  Congrats; Great.  Now we need to plan how to communicate this to the rest of the world.
  • FAQ / FAQ page on the CVE site?
  • What are we going to call this, CVE 2.0 ?
  • Are we going to reach out to each of the 75 companies that are CVE-Compatible to assure they know?
  • Have existing CNAs been notified?
  • How do we proactively notify the community of developers and organizational staff that they may have work to be able to assure they can leverage the change? (MITRE Booth at events such as BlackHat, others???, Press/rags?)
  • Etc 
A transition and outreach plan is needed here.  Our work is not done.  We, of course, need to work with our own organizations but as Board members, we need to assist in getting the message out.  Thoughts on being effective at it?

Kent Landfield

McAfee | An Intel Company
Direct: +1.972.963.7096 
Mobile: +1.817.637.8026
Web: www.mcafee.com

From: <Boyle>, "Stephen V." <sboyle@mitre.org>
Date: Thursday, June 6, 2013 10:49 AM
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Cc: "Boyle, Stephen V." <sboyle@mitre.org>
Subject: Second Round ID Syntax vote declared valid

As specified in our email last week, the period to allow a second to the motion to

rescind the most recent vote closed yesterday, June 5th, 2013 at 11:59 PM EDT.


We did not receive any second to the motion to rescind, either publicly or privately.


As of today, June 6th 2013, Option B has been selected as the new ID Syntax for CVE

beginning 1 January 2014.


To reprise, Option B specifies the following:


-  Variable length

- 4-digit Year + four fixed digits for IDs up to 9999

- IDs 0001 through 0999 padded with leading zeros

- IDs over 9999 will expand as needed, no leading zeros



- Four digit IDS (through 9999)

    - CVE-2014-0001, CVE-2014-0999

    - CVE-2014-1234, CVE-2014-9999


- Five digit IDS (> 9999)

    - CVE-2014-10000, CVE-2014-54321, CVE-2014-99999


- Six digit IDS (> 99999)

    - CVE-2014-100000, CVE-2014-123456, CVE-2014-999999


- Etc., as needed


We again want to express our sincere thanks and gratitude to the Board for all of

the discussion and engagement as we went through this process.  Your combined

attention and efforts have once again moved CVE forward, to the benefit of the

community as a whole.


Thank you.


Best Regards,


Page Last Updated or Reviewed: October 03, 2014