Re: Issues for configuration problems in the CVE

To: cve-editorial-board-list@lists.mitre.org
Subject: Re: Issues for configuration problems in the CVE
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Fri, 16 Jul 1999 13:13:08 -0400 (EDT)
Sender: owner-cve-editorial-board-list@lists.mitre.org

Gene Spafford wrote:

>When I first had a student (Taimur Aslam) look at classifications of
>problems, configuration errors fell out as one category.  However, we
>found there were some ambiguities with user interface error, and
>incorrect documentation.  If something is misconfigured because the
>documentation is unclear (or wrong), is that a bug?  If so, where?  In
>the software that doesn't match the documentation, or in the
>documentation that doesn't match the software?

I see why the questions needs to be asked from a perspective of
classification and explanation; however, I don't think this particular
issue has much of an impact on the CVE.  The configuration problem
exists because of something a user did, regardless of how the user did
it or why they did it.  I believe that's sufficient for the CVE.

- Steve

Follow-Ups:
- Re: Issues for configuration problems in the CVE
  - From: Gene Spafford <spaf@cs.purdue.edu>

Prev by Date: CVE Review meetings 7/29-30 and 8/12-13 in Bedford, MA
Next by Date: Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
Prev by thread: Re: Issues for configuration problems in the CVE
Next by thread: Re: Issues for configuration problems in the CVE
Index(es):
- Date
- Thread

Page Last Updated or Reviewed: May 22, 2007

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.