|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE ID Syntax Vote - results and next steps
- To: <ahuger@sourcefire.com>, <jericho@attrition.org>
- Subject: Re: CVE ID Syntax Vote - results and next steps
- From: <Kent_Landfield@McAfee.com>
- Date: Thu, 18 Apr 2013 21:58:48 +0000
- Accept-Language: en-US
- CC: <cve-editorial-board-list@LISTS.MITRE.ORG>
- Delivery-Date: Thu Apr 18 18:02:14 2013
- In-Reply-To: <CAH+ZQFeodNOXg37Lhhj7BUnraMGCN9r8mFCJP0VgNp7Rrf=sOg@mail.gmail.com>
- List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- Sender: <owner-cve-editorial-board-list@LISTS.MITRE.ORG>
- Thread-Index: AQHOPHqdDDHn280iS2Wc7geUI3AJbZjcdhMA
- Thread-Topic: CVE ID Syntax Vote - results and next steps
- user-agent: Microsoft-MacOutlook/14.3.2.130206
|
Agreed.
I could see changing my vote to A if the number of digits were extended. I responded that I believed Harold was on target with his idea to reevaluate Option A.
Harold wrote:
I agree that a revote using the same options would probably result in more or less the same result. But after reviewing the reasoning for voting, those that voted for Option B were mostly concerned
with avoiding the need to change again ("future proofing") while those who voted for Option A seemed to be mostly concerned with the variable length nature of Option B. I share both sets of concerns and I would presume that there is a point where a fixed length
identifier would be of an acceptable length that those who voted for Option B could be comfortable with and would address their "future proofing" concerns and those who voted for Option A would not believe would be too long. I would also like to suggest that
choosing whether to use leading zeroes or not be separate choice.
Using his logic, we could make it 10+ digits and not pad it with leading zeros. Then it would be capped at a static length but we would only have to use what we need. It could grow as needed and we would have the future proofing
that is a major reason stated by those who voted for Options B. The end user would see a CVE ID that is reasonable from a readability perspective, software would have a static length that we can grow into. An approach like this could potentially go a long
way to getting to a consensus majority.
Thoughts?
Kent Landfield
McAfee | An Intel Company Direct: +1.972.963.7096 Mobile: +1.817.637.8026 Web: www.mcafee.com
From: Alfred Huger <ahuger@sourcefire.com>
Date: Thursday, April 18, 2013 4:20 PM To: security curmudgeon <jericho@attrition.org> Cc: Kent Landfield <Kent_Landfield@McAfee.com>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org> Subject: Re: CVE ID Syntax Vote - results and next steps
|
- Follow-Ups:
- Re: CVE ID Syntax Vote - results and next steps
- From: security curmudgeon <jericho@attrition.org>
- Re: CVE ID Syntax Vote - results and next steps
- References:
- Re: CVE ID Syntax Vote - results and next steps
- From: Alfred Huger <ahuger@sourcefire.com>
- Re: CVE ID Syntax Vote - results and next steps
- Prev by Date: Re: CVE ID Syntax Vote - results and next steps
- Next by Date: Re: CVE ID Syntax Vote - results and next steps
- Prev by thread: Re: CVE ID Syntax Vote - results and next steps
- Next by thread: Re: CVE ID Syntax Vote - results and next steps
- Index(es):