[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Proposal: CVE candidate/approved numbering scheme



>Just exactly why would you need CAN-numbers in bulk? The most
>vulnerabilities I've ever seens any one organization publish in
>a single day has been three or four.

Whenever a new CNA comes on board, they are likely to believe they will
have a number of Candidates that are not already in the CVE. They may
also prefer to have numbers ready in advance of a discovery just to
avoid having to pick them up one at a time. I am not imagining that
every CNA will want hundreds of numbers at their finger-tips, but their
internal mechanisms may dictate that they have some on hand.

It was just a suggetion to allow the mechanism to scale to any demand
rather than to assume they'll always be a one-to-one relationship
between discovery and picking up a CAN number.

Not crucial, just a nice-to-have.

Cheers,
Russ - NTBugtraq Editor

Page Last Updated or Reviewed: May 22, 2007