CVE语言/术语变化

总而言之：这是我们开始在此处使用新的CVE术语来使用MITER来使用新的CVE术语的方式。这种变化反映在网站上，新闻发布，我们的谈话方式以及我们的思维方式。现在，CVE的意思是“常见的脆弱性和暴露”，说“ CVE”而不是“ CVE”在更加正确的情况下是正确的，因此我们一直在适当调整我们的语言。例如：“我们几乎达到了CVE的300大关，但我仍在等待董事会成员的一些选票。”[这只是一个随机的例子，没有任何隐藏的议程。]另外，我们非常谨慎地确保当我们真正的意思是“脆弱性和/或暴露”时，我们不会简单地说“脆弱性”。有时候，这样做很困难和笨拙。就我个人而言，我有时会说“问题”，但是我们没有任何一个词都含有这两个术语。有些人偶尔会说“ V＆E”，但这有时也很笨拙。但是，当我们谈到CVE中的特定“记录”时，我们说“ CVE进入”。但是，有一些术语良好且被理解为 "vulnerability assessment tools" and "vulnerability database." We have continued to use those terms, although it is now clear that some assessment tools and databases include exposures. A sample paragraph which integrates almost all of the language changes is as follows: "The CVE Editorial Board has been validating a number of vulnerabilities and exposures in CVE, and will have validated over 300 entries by the time of public release. Board members have also been mapping CVE entries for 20 information security problems to their own vulnerability databases, in anticipation of the upcoming Interoperability Demo. We expect to see CVE names being used in vulnerability databases and vulnerability assessment tools soon after the public release of CVE." This language usage will become more clear as you review the web site and other documents that are coming out of MITRE. - Steve