|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE request form is missing an important bit
- To: "Andy Balinsky (balinsky)" <balinsky@cisco.com>
- Subject: Re: CVE request form is missing an important bit
- From: jericho <jericho@attrition.org>
- Date: Thu, 5 Jan 2017 14:31:12 -0600
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=temperror action=none header.from=attrition.org;mitre.org; dkim=none (message not signed) header.d=none;
- Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivery-date: Thu Jan 5 16:34:57 2017
- Importance: high
- In-reply-to: <F2C68D76-CFCB-4BB9-AC71-384F450643D5@cisco.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <alpine.LNX.2.00.1701041735180.23402@forced.attrition.org> <MWHPR09MB1485ED2C400BF395B8A1C387A1600@MWHPR09MB1485.namprd09.prod.outlook.com> <F1C1BF76-8894-42BE-BF9A-EF9C8867A0E8@intel.com> <F2C68D76-CFCB-4BB9-AC71-384F450643D5@cisco.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
- User-agent: Alpine 2.00 (LNX 1167 2008-08-23)
On Thu, 5 Jan 2017, Andy Balinsky (balinsky) wrote: : My point is that the year of the CVE shouldn't be a major data item, and : it shouldn't matter much if the year is 2016 or 2017 for a December : vuln. "Shouldn't matter", yet every company that uses the CVE data set to generate statistics rely on that to count by year, even if the vulnerability was disclosed a year prior to the ID (e.g. disclosed in 2015, received a 2016 ID). This is a simple fact, and a majority of the 'statistics' we see surrounding vulnerabilities are impacted by this. .b
- References:
- CVE request form is missing an important bit
- From: jericho <jericho@attrition.org>
- RE: CVE request form is missing an important bit
- From: "Coffin, Chris" <ccoffin@mitre.org>
- Re: CVE request form is missing an important bit
- From: "Landfield, Kent B" <kent.b.landfield@intel.com>
- Re: CVE request form is missing an important bit
- From: "Andy Balinsky (balinsky)" <balinsky@cisco.com>
- CVE request form is missing an important bit
- Prev by Date: RE: CVE request form is missing an important bit
- Next by Date: Test set of CVE IDs
- Previous by thread: RE: CVE request form is missing an important bit
- Next by thread: Test set of CVE IDs
- Index(es):