"Safe" vulnerabilities ready for review

To: cve-review@linus.mitre.org
Subject: "Safe" vulnerabilities ready for review
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Mon, 17 May 1999 21:44:18 -0400 (EDT)


All:

I've taken a quick crack at identifying a "safe" subset of
vulnerabilities that (hopefully) won't generate much discussion or
controversy.

About 250 of the 650 CVE vulnerabilities are "safe" for review.  Yes,
that leaves 400 others, but:

- these 250 are tested by one or more tools (mostly network-based,
commercial or freeware)

- almost 200 are software flaws

- most don't have any level of abstraction inconsistencies across
mappings

This is NOT to say that there are 400 contentious entries, rather that
my most concrete "first cut" has produced these 250.  The remaining
400 include:
  - entries that had to do with content decisions that I think might
    cause discussion
  - a lot of other entries that are host-based but "stable" and
    probably non-controversial
  - vulnerabilities that are more recent than my mappings

I'll provide the list by Tuesday afternoon.

- Steve

Prev by Date: RE: Candidate numbering scheme
Next by Date: RE: Candidate numbering scheme
Prev by thread: Tool Mapping Update
Next by thread: Administrivia
Index(es):
- Date
- Thread

Page Last Updated or Reviewed: May 22, 2007

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.