[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE ID Syntax Change - Second Round Voting Ballot (Deadline Wednesday, May 22, 2013, 11:59 PM EDT)



McAfee Vote for CVE ID Syntax Change

=====================================================
VOTING BALLOT
=====================================================

*****************************************************

FIRST CHOICE: B
---------------------------------------
OPTION B: Year + arbitrary digits, no leading 0's except IDs 1 to 999

-  Examples:
   CVE-2014-0001, CVE-2014-0999, CVE-2014-1234, CVE-2014-9999,
   CVE-2014-10000, CVE-2014-54321, CVE-2014-99999,
   CVE-2014-100000, CVE-2014-123456, CVE-2014-999999,
   CVE-2014-1234567
---------------------------------------

REASONS (first choice):

Future proofing is important to McAfee. Our selection of Option B as our first choice, provides CVE with the ability to expand as needed in the future.  Additionally, this option allows for the least impact to the existing security user community.  Customers are familiar with the existing format and the change to the new format will be much easier to explain and incorporate into our products. We do not want to see ourselves back in a situation were a change is needed to the CVE format yet once again.

*****************************************************

SECOND CHOICE: A
-------------------------------------
OPTION A: Year + 8 digits, with leading 0's

-  Examples:
   CVE-2014-00000001, CVE-2014-00000999, CVE-2014-00001234,
   CVE-2014-00009999, CVE-2014-00010000, CVE-2014-00123456,
   CVE-2014-01234567, CVE-2014-12345678
-------------------------------------

REASONS (second choice): 

While this was a serious consideration, it does not provide the future proofing we desire.  There was little discussion about this specific option in regards to padding of leading zeros. If there had been the Board may have been able to make the use of a fixed sized ID more acceptable. 

=====================================================

Kent Landfield

McAfee | An Intel Company
Direct: +1.972.963.7096 
Mobile: +1.817.637.8026
Web: www.mcafee.com

 

Page Last Updated or Reviewed: October 03, 2014