RE: The nomenclature process in other fields

[Russ <Russ.Cooper@rc.on.ca>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is no relationship between a taxonomy and the CVE, and we should
all strive to ensure one doesn't get drawn until Spaf gets
acceptance/adoption through CERIAS for something serious. The
implications of a taxonomy are huge, and if it hasn't been fully
vetted in the educational community, I fear it would only further
confuse the user community (not to mention our CVE efforts).

A taxonomy is directly applicable to a Vulnerability Database (VdB).
The CVE is definitely not a VdB. The CMEX is fearfully close to
becoming a VdB, but I believe we all know we'll have to minimize its
possible functionality to avoid it becoming one.

We're certainly, I believe, in a rare situation of trying to enumerate
before a taxonomy has been defined, let alone accepted. Such is the
distinct nature of the items we're working with. Keeping this
distinction in mind will help, I believe, to reduce the pressures some
feel about the approaches we're considering. Imagine what will happen
when our CVE numbers start appearing in patents...;-[

Hopefully, before that time, the CERIAS VdB effort will have borne,
um, more fruit.

Cheers,
Russ - NTBugtraq Editor

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2

iQA/AwUBN0L0S8+Ua7J6A+woEQKSPQCg/om9jKKE6p/jRtkPiVYlF8paXYYAnR78
EW5GzzAdGdSW+oNo5RDLLgoA
=ieqN
-----END PGP SIGNATURE-----