[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
2nd try Re: CD PROPOSAL: SYSCON (Interim Decision 8/24)
Now that I've calmed down let me try again. My point is that academics
will loose interest in the CVE if it is perceived as flawed. This is
likely to happen if the concerns and opinions voiced by academics are
ignored. This is essentially what this CD will achieve, by positioning
academic interests as secondary to those of system administrators and
security analysts.
Pascal
>Content Decision: SYSCON (System Administrator Consideration)
>-------------------------------------------------------------
>
>VOTE:
>
>(Member may vote ACCEPT, MODIFY, REJECT, or NOOP.)
>
>
>
>Short Description
>-----------------
>
>All content decisions and individual CVE vulnerabilities must be
>considered in light of system administrators and security analysts,
>who are the ultimate beneficiaries of the CVE.
>
>
>Rationale
>---------
>
>Security tools (such as assessment tools and IDSes), vulnerability
>databases, and academic research all have an ultimate goal of helping
>an enterprise to make itself more secure from attack. Within the
>enterprise, system administrators and security analysts are the
>individuals who perform the bulk of the work involved in securing
>systems - applying patches, conducting assessments, keeping current
>with new vulnerabilities, etc.
>
>One of the goals of the CVE is to facilitate data sharing among
>security tools and databases. Therefore, its content decisions and
>individual vulnerability entries should consider the impact and usage
>to system administrators and security analysts, despite the
>expectation that they might not use the CVE directly itself.