Re: CVE ID Syntax Vote - results and next steps

[Pascal Meunier <pmeunier@cerias.purdue.edu>]

On Thu, 25 Apr 2013 16:23:04 +0000
"Andy Balinsky (balinsky)" <balinsky@cisco.com> wrote:

> Our staff that deals in searching on CVE's on a daily basis would also
> greatly appreciate tools that allowed matches on partial CVE's (e.g. if they
> interpreted CVE-2014-1 as CVE-2014-000001. This would be especially true if
> the number of digits expanded to 9, 14, or whatever. It is a pain to count
> all those zeros every time you search.)  But note that this would only be for
> searching. We would still advocate that people publish new CVE's with the
> full digit range. Publishing is a one-time event per CVE, where as searching
> may be done many times, as you are researching product vulnerabilities.

That would make a lot of sense.