|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TECH] CD:VAGUE (Vague Vendor Descriptions of Vulnerabilities)
- To: cve-editorial-board-list@lists.mitre.org
- Subject: Re: [TECH] CD:VAGUE (Vague Vendor Descriptions of Vulnerabilities)
- From: "Steven M. Christey" <coley@linus.mitre.org>
- Date: Tue, 19 Feb 2002 00:41:19 -0500 (EST)
- Delivery-Date: Tue Feb 19 00:41:23 2002
- Sender: owner-cve-editorial-board-list@lists.mitre.org
Scott Lawler said: >I'm sure if we beat this to [death] long enough we can come up with a >metric for vagueness too. :-) Funny you should mention that... I'm currently preparing the next CVE version, which means reviewing the candidates that have enough ACCEPT votes, making final modifications, etc. Since CD:VAGUE is so new, *and* this is the first time I've reviewed the major batch of legacy candidates that was proposed in September, I'm finding a number of candidates that are directly affected by CD:VAGUE. Besides the old CERT advisories and other advisories I've alluded to in past emails, I'm running across a few examples that pose the question: "how vague is too vague?" I'll ask this question (and others), and provide specific examples, sometime after a few hundred less questionable candidates are moved to the Interim Decision phase. - Steve
- Follow-Ups:
- Re: [TECH] CD:VAGUE (Vague Vendor Descriptions of Vulnerabilities)
- From: Stu Green <sgreen@tigertesting.com>
- Re: [TECH] CD:VAGUE (Vague Vendor Descriptions of Vulnerabilities)
- Prev by Date: Re: [TECH] CD:VAGUE (Vague Vendor Descriptions of Vulnerabilities)
- Next by Date: RE: [TECH] CD:VAGUE (Vague Vendor Descriptions of Vulnerabilities)
- Prev by thread: Re: [TECH] CD:VAGUE (Vague Vendor Descriptions of Vulnerabilities)
- Next by thread: Re: [TECH] CD:VAGUE (Vague Vendor Descriptions of Vulnerabilities)
- Index(es):