|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE's for "smart" contracts, legal execution engines
- To: Kurt Seifried <kseifried@redhat.com>
- Subject: Re: CVE's for "smart" contracts, legal execution engines
- From: jericho <jericho@attrition.org>
- Date: Tue, 21 Jun 2016 16:59:15 -0500
- Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivery-date: Wed Jun 22 10:24:21 2016
- Importance: high
- In-reply-to: <CANO=Ty1zNLuWYGqP5-oOCg4uLXkZtcAGwS+KM2akux_EkpGgUQ@mail.gmail.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CANO=Ty1zNLuWYGqP5-oOCg4uLXkZtcAGwS+KM2akux_EkpGgUQ@mail.gmail.com>
- Sender: "owner-cve-editorial-board-list@lists.mitre.org" <owner-cve-editorial-board-list@lists.mitre.org>
- Thread-index: AQHRyxgSctIEOZbM9ki0EKcJkF3eOJ/0eh2A
- Thread-topic: CVE's for "smart" contracts, legal execution engines
On Mon, 20 Jun 2016, Kurt Seifried wrote: : So the main issues that need to be dealt with: : : 1) Where do we draw the line on software/service for blockchain : technologies? Historically, the line has been drawn around the end-user software. So a vulnerability in the actual downloaded client qualifies for inclusion. A vulnerability in the 'math' behind the implementation is typically seen as a hybrid issue, or considered more a service offering. Issues in the algorithm or implementation that can be abused via the client software would fall under consumer software I believe, and warrant inclusion.
- References:
- CVE's for "smart" contracts, legal execution engines
- From: Kurt Seifried <kseifried@redhat.com>
- CVE's for "smart" contracts, legal execution engines
- Prev by Date: CVE's for "smart" contracts, legal execution engines
- Next by Date: CVE Editorial Board teleconference summary - June 2, 2016
- Previous by thread: CVE's for "smart" contracts, legal execution engines
- Next by thread: CVE Editorial Board teleconference summary - June 2, 2016
- Index(es):