[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: [CVEPRI] Increasing numbers and timeliness of candidates



Steve,

(a) Timeliness is important but we do have to balance to maintain some level of accuracy.

(b) An acceptable level of noise is the low sustained level of inaccuracy often dealing with some possible duplicates and level of abstraction challenges.  How many "errors" a month is too many?  I'm not sure this level is possible to determine...let alone define, track, and meet to everyone's expectations.

(c) I think planned monthly updates are fine.

The issue is simply one of balancing timeliness with accuracy.  IMHO, starting with a focus on timeliness is a higher priority than initial accuracy.  The accuracy on an individual vulnerability will improve as the CANs are discussed and voted on.  It appears to me that most of the time the Board gets it right on the first try though.  Maybe 1 in 100 causes some consternation.  Personally, I think that's a reasonable level to deal with.

Scott

Scott A. Lawler, CISSP
Director, Incident Response Technology
Veridian Information Solutions

Page Last Updated or Reviewed: May 22, 2007