|
|
McAfee Vote for CVE ID Syntax Change
=====================================================
VOTING BALLOT
=====================================================
*****************************************************
FIRST CHOICE: B
---------------------------------------
OPTION B: Year + arbitrary digits, no leading 0's except IDs 1 to 999
- Examples:
CVE-2014-0001, CVE-2014-0999, CVE-2014-1234, CVE-2014-9999,
CVE-2014-10000, CVE-2014-54321, CVE-2014-99999,
CVE-2014-100000, CVE-2014-123456, CVE-2014-999999,
CVE-2014-1234567
---------------------------------------
REASONS (first choice):
Future proofing is important to McAfee. Our selection of Option B as our first choice, provides CVE with the ability to expand as needed in the future.
Additionally, this option allows for the least impact to the existing security user community. Customers are familiar with the existing format and the change to the new format will be much easier to explain and incorporate into our products. We do not want
to see ourselves back in a situation were a change is needed to the CVE format yet once again.
*****************************************************
SECOND CHOICE: A
-------------------------------------
OPTION A: Year + 8 digits, with leading 0's
- Examples:
CVE-2014-00000001, CVE-2014-00000999, CVE-2014-00001234,
CVE-2014-00009999, CVE-2014-00010000, CVE-2014-00123456,
CVE-2014-01234567, CVE-2014-12345678
-------------------------------------
REASONS (second choice):
While this was a serious consideration, it does not provide the future proofing we desire. There was little discussion about this specific option in regards to padding of leading zeros. If there had been the Board may have been able to make the use of
a fixed sized ID more acceptable.
=====================================================
Kent Landfield
McAfee | An Intel Company Direct: +1.972.963.7096 Mobile: +1.817.637.8026 Web: www.mcafee.com |