|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CD PROPOSAL: SYSCON (Interim Decision 8/24)
- To: "Steven M. Christey" <coley@linus.mitre.org>
- Subject: Re: CD PROPOSAL: SYSCON (Interim Decision 8/24)
- From: Bill Hill <bill@mitre.org>
- Date: Wed, 18 Aug 1999 11:15:48 -0400
- CC: cve-editorial-board-list@lists.mitre.org
- Delivery-Date: Wed Aug 18 11:17:53 1999
- Organization: The MITRE Corporation
- References: <199908172246.SAA01538@basie.mitre.org>
REJECT. While sys admins are among the beneficiaries, there are others also. How could this rule help us or be used? The only way I can think would be to give some proclaimed operational type some leverage to dismiss other viewpoints. Not what we need. I believe there is value in considering what we do in light of the practicalities, as well as the purity, of what we are creating here, but I do not think any such special status is warranted. Bill "Steven M. Christey" wrote: > Please vote on this pervasive content decision using the space > provided below. This content decision is scheduled for Interim > Decision on August 24. > > - Steve > > Content Decision: SYSCON (System Administrator Consideration) > ------------------------------------------------------------- > > VOTE: > > (Member may vote ACCEPT, MODIFY, REJECT, or NOOP.) > > Short Description > ----------------- > > All content decisions and individual CVE vulnerabilities must be > considered in light of system administrators and security analysts, > who are the ultimate beneficiaries of the CVE. > > Rationale > --------- > > Security tools (such as assessment tools and IDSes), vulnerability > databases, and academic research all have an ultimate goal of helping > an enterprise to make itself more secure from attack. Within the > enterprise, system administrators and security analysts are the > individuals who perform the bulk of the work involved in securing > systems - applying patches, conducting assessments, keeping current > with new vulnerabilities, etc. > > One of the goals of the CVE is to facilitate data sharing among > security tools and databases. Therefore, its content decisions and > individual vulnerability entries should consider the impact and usage > to system administrators and security analysts, despite the > expectation that they might not use the CVE directly itself.
begin:vcard n:Hill;William tel;work:703-883-6416 x-mozilla-html:TRUE org:The MITRE Corporation adr:;;1820 Dolley Madison Blvd;McLean;VA;22102; version:2.1 email;internet:bill@mitre.org title:INFOSEC Engineer fn:Bill Hill end:vcard
S/MIME Cryptographic Signature
- References:
- CD PROPOSAL: SYSCON (Interim Decision 8/24)
- From: "Steven M. Christey" <coley@linus.mitre.org>
- CD PROPOSAL: SYSCON (Interim Decision 8/24)
- Prev by Date: Administrivia
- Next by Date: Re: CD PROPOSAL: CATSPEC (Interim Decision 8/24)
- Prev by thread: 2nd try Re: CD PROPOSAL: SYSCON (Interim Decision 8/24)
- Next by thread: Re: CD PROPOSAL: SYSCON (Interim Decision 8/24)
- Index(es):