|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE ID Syntax Vote - results and next steps
- To: <Kent_Landfield@McAfee.com>
- Subject: Re: CVE ID Syntax Vote - results and next steps
- From: Adam Shostack <adam@homeport.org>
- Date: Fri, 19 Apr 2013 13:21:16 -0400
- CC: <cve-editorial-board-list@LISTS.MITRE.ORG>
- Delivery-Date: Fri Apr 19 13:23:35 2013
- In-Reply-To: <3CBA099FBA0AB843895D72474092B8CF1ED4E0@MIVEXAMER1N1.corp.nai.org>
- List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <3CBA099FBA0AB843895D72474092B8CF1ED46C@MIVEXAMER1N1.corp.nai.org> <3CBA099FBA0AB843895D72474092B8CF1ED4E0@MIVEXAMER1N1.corp.nai.org>
- Sender: <owner-cve-editorial-board-list@LISTS.MITRE.ORG>
- User-Agent: Mutt/1.5.13 (2006-08-11)
This may seem a nit, but I'd like to add at least one option with trailing zeros. I always have trouble scanning columns of numbers when I have to ignore the zeros at the start. Adam On Fri, Apr 19, 2013 at 05:01:24PM +0000, Kent_Landfield@McAfee.com wrote: | There is one additional possibility that I did not include. | | OPTION H: Year + 12 digits, no leading 0's except IDs 1 to 999 | | Kent Landfield | | McAfee | An Intel Company | Direct: +1.972.963.7096 | Mobile: +1.817.637.8026 | Web: www.mcafee.com | | From: <Landfield>, Kent Landfield <Kent_Landfield@McAfee.com> | Date: Friday, April 19, 2013 11:42 AM | To: "cve-editorial-board-list@LISTS.MITRE.ORG" < | cve-editorial-board-list@LISTS.MITRE.ORG> | Subject: Re: CVE ID Syntax Vote - results and next steps | | | Can we have a quick poll on the combined set of existing options and the | ones Art has listed below? I'd think a re-whittling of the choices may get | us to a better place to conduct a vote. | + Do you desire a static length of the CVE Ids? --Yes ? No | + If so, what length do you feel would be acceptable to you?-- 6 ? 7 ? 12 | ? More? -- Something else? | Here are options that combines what Art listed as well as the original two | options. The original Option C has been dropped from this poll as a result | of the initial vote. | | OPTION A: Year + 6 digits, with leading 0's | | OPTION B: Year + arbitrary digits, no leading 0's except IDs 1 to 999 | | OPTION D: Year+ 7 digits with leading 0's | | OPTION E: Year + 12 digits with no leading zeros. | | OPTION F: Year + 12 digits with no leading zeros, starting at 1000 for each | year. | | OPTION G: Year + Infinite digits with no leading zeros, starting at 1000 | for each year. | | Just want to take a pulse as to where we are? | | Kent Landfield | | McAfee | An Intel Company | Direct: +1.972.963.7096 | Mobile: +1.817.637.8026 | Web: www.mcafee.com | | From: Art Manion <amanion@cert.org> | Date: Thursday, April 18, 2013 11:19 PM | To: "Booth, Harold" <harold.booth@nist.gov> | Cc: "cve-editorial-board-list@lists.mitre.org" < | cve-editorial-board-list@LISTS.MITRE.ORG> | Subject: Re: CVE ID Syntax Vote - results and next steps | | | -----BEGIN PGP SIGNED MESSAGE----- | Hash: SHA1 | | | On 2013-04-18 22:34, Booth, Harold wrote: | | | I would also add that with an Option B with no leading zeros, | | including less than four digits, a transition of sorts is available | | for the first year (or more) if CVE identifiers started at 1000. | | Until the 9000'th CVE tools would successfully chug along giving | | everyone a bit more transition time. This could allow even more | | time depending on the eventual number of CVEs created. Whereas with | | an Option A with padding there is no such transition, and whatever | | number of digits are agreed to are included in every CVE from the | | beginning (in 2014?). | | For the sake of further discussion, by no means an official set of | choices... | | Option D: Seven numeric characters with leading zeros. | | Option E: Twelve numeric characters, no leading zeros. | | Option F: Twelve numeric characters, no leading zeros, starting at | 1000 for each year. | | Option G: Infinite numeric characters, no leading zeros, starting at | 1000 for each year. | | I picked 12 because someone suggested 10+. I'm also saying "numeric | characters" to raise the issue of treating everything after "CVE" or | "CVE-YYYY" as a string. Not sure that capping it makes much | difference. | | Not sure this covers all the recently discussed options. | | Also not sure how to handle this situation procedurally? Declare a | mistrial and prepare another ballot, after further discussion? | | | ~ - Art | -----BEGIN PGP SIGNATURE----- | Version: GnuPG v1.4.13 (Darwin) | Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ | | iEYEARECAAYFAlFwxdoACgkQk/8FEDbCaKOPEgCgnbaNJBjQESDRgZIBfEkbwhGy | ZvkAoKAsHLKb4sYDNP+kd3buSlenErhb | =wcLt | -----END PGP SIGNATURE----- | |
- References:
- Re: CVE ID Syntax Vote - results and next steps
- From: <Kent_Landfield@McAfee.com>
- Re: CVE ID Syntax Vote - results and next steps
- From: <Kent_Landfield@McAfee.com>
- Re: CVE ID Syntax Vote - results and next steps
- Prev by Date: Re: CVE ID Syntax Vote - results and next steps
- Next by Date: RE: CVE ID Syntax Vote - results and next steps
- Prev by thread: Re: CVE ID Syntax Vote - results and next steps
- Next by thread: RE: CVE ID Syntax Vote - results and next steps
- Index(es):