Re: Methods for validating the current CVE

[Dave Mann <damann@mitre.org>]

How about we cull out the "safe" canidates first and then
send that trimmed down list for verification. Non-MITRE folks,
do you think you could give faster turn around on a short list
who's entries map 1-1 to elements in the common tools? Vendors,
would it be helpful to get our opinion on the mappings? [many
thorny issues here]

Thus, the approach would be to get fast opinions on what we
can get agreement on quickly. Then turn to the more contentious
entries.

Opinions?

Dave

"Steven M. Christey" wrote:
> 
> All:
> 
> I like Russ' idea of reviewing the current CVE entries in the mailing
> list, but there really is an awfully large number to deal with.
> However, I think there are lots of entries where there should be no
> (or little) debate.  We may be able to quickly agree on a relatively
> large percentage of the current entries.  Still, 8 per day for a month
> only covers about 35% of the vulnerabilities.
> 
> I believe there are probably about 50 to 100 entries that could be
> "hot topics" or require some degree of change.  I could create a
> default form and post a few "controversial candidates" per day to the
> list.  What do people think?
> 
> - Steve

-- 



=========================================================
David Mann                     ||  phone: (781) 271 - 2252
INFOSEC Engineer/Scientist, Sr || 
Enterprise Security Solutions  ||    fax: (781) 271 - 3957
The MITRE Corporation          ||
Bedford, Mass 01730            || e-mail: damann@mitre.org