[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Gene Spafford has left the CVE Editorial Board

I want to echo the CVE Team’s thanks and appreciation. I always found Spaf’s guidance and contributions extremely valuable.  

Thanks for always fighting the good fight Spaf!!!
Kent Landfield

From: <owner-cve-editorial-board-list@lists.mitre.org> on behalf of Common Vulnerabilities & Exposures <cve@mitre.org>
Date: Wednesday, May 11, 2016 at 7:59 AM
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Gene Spafford has left the CVE Editorial Board

Eugene H. (Spaf) Spafford, Executive Director of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS), has left the CVE Editorial Board. We are pleased to recognize Spaf with Emeritus status for his many significant contributions to CVE, particularly in the early days of the project.


Spaf hosted the Second Workshop on Research with Security Vulnerability databases in January 1999. He accepted the paper “Towards a Common Enumeration of Vulnerabilities,” authored by David Mann and Steve Christey of The MITRE Corporation, which was the genesis of CVE. He was heavily involved in many discussions on the technical development of CVE, the structure of the CVE Editorial Board, and was very active in the go-live activities in September 1999. Spaf was also a vocal evangelist for CVE to the general public.


Spaf was influential in the development of the CVE content decisions, and was key to the discussion of how logical or domain-specific vulnerabilities often require interpretation in light of the developer’s “intended security policy.” He advocated heavily for the “same code” abstraction rule, which became one of the key tenets of CVE abstraction and influenced almost every other vulnerability database. A link to that discussion is available here:



Spaf was also part of a vocal group that objected to the term “Common Vulnerability Enumeration” because the draft CVE at the time included configuration and other non-vulnerability scanner data. These discussions led to the term “Common Vulnerabilities and Exposures.”


Thank you, Spaf, for all of your contributions and support to CVE over the years!


The CVE Team


Page Last Updated or Reviewed: May 17, 2016