[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: The CVE-10K Problem

As a consumer of that information and a tool vendor, we had no problem
at all with Red Hat's change.  

The CAN change did impact us as there was product code removed, backend
graduation processing disabled and data that had to be updated in the
field.  These were not a problem for us because we were given enough
time to plan the transition.

--
Kent Landfield
Director, Security Research
McAfee, Inc.
+1 972.963.7096 Direct
+1 817.637.8026 Mobile
kent_landfield@mcafee.com
www.mcafee.com
 
-----Original Message-----
From: owner-cve-editorial-board-list@LISTS.MITRE.ORG
[mailto:owner-cve-editorial-board-list@LISTS.MITRE.ORG] On Behalf Of
Steven M. Christey
Sent: Tuesday, January 16, 2007 11:17 AM
To: Mark J Cox
Cc: Steven M. Christey; cve-editorial-board-list@LISTS.MITRE.ORG
Subject: Re: The CVE-10K Problem

On Mon, 15 Jan 2007, Mark J Cox wrote:

> Red Hat itself moved from 3 digit to 4 digit advisory identifiers at
the
> start of 2006 (we added several new products and we share identifiers
> between security and non-security updates).

I forgot to bring this up in my original message.  What problems, if
any,
did Red Hat consumers encounter with this change?

Given that there were relatively few complaints with our change from
CANs
to CVEs, maybe the upcoming CVE-10K change would not be too problematic
either.

- Steve
Page Last Updated or Reviewed: May 22, 2007