Re: MODIFY-01 cluster: 25 CERT candidates moved to MODIFICATIONphase

To: "Steven M. Christey" <coley@linus.mitre.org>
Subject: Re: MODIFY-01 cluster: 25 CERT candidates moved to MODIFICATIONphase
From: Gene Spafford <spaf@cs.purdue.edu>
Date: Fri, 25 Jun 1999 22:25:50 -0500
Cc: cve-review@linus.mitre.org
In-Reply-To: <199906231740.NAA16955@basie.mitre.org>
References: <199906231740.NAA16955@basie.mitre.org>
Reply-To: spaf@cs.purdue.edu

A question that will come up again and again is whether the CVE lists:
    configuration vulnerabilities
    platform vulnerabilities
    software flaws
    attack types (exploits)

Or something completely different.

 From my point of view, if the software involved harkens from a 
different code base, then it merits a different listing.   Thus, a 
buffer overflow in mail servers should take multiple listings if it 
affects different servers.

The attack may be the same.   The underlying software flaw is the 
same.  But the CVE should reflect the configuration that is 
vulnerable, and that may require multiple entries.

My $.02.

--spaf

References:
- Re: MODIFY-01 cluster: 25 CERT candidates moved to MODIFICATION phase
  - From: "Steven M. Christey" <coley@linus.mitre.org>

Prev by Date: TEST - Dave, please just "reply"
Next by Date: RE: Cluster 03: VEN-SUN
Prev by thread: RE: MODIFY-01 cluster: 25 CERT candidates moved to MODIFICATION phase
Next by thread: RE: MODIFY-01 cluster: 25 CERT candidates moved to MODIFICATION phase
Index(es):
- Date
- Thread

Page Last Updated or Reviewed: May 22, 2007

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.