Re: CVE ID Syntax Vote, results and next steps
On Thu, 18 Apr 2013, Kent_Landfield@McAfee.com wrote:

: History provides lessons, and if you ignore them you are asking for
: problems. When we started CVE in 1999 there was no feeling that it was
: possible to reach 10,000 CVEs a year. That was the consensus of
: all involved. Fast forward 10 years and we have run into problems.

I won't go into those already identified. At the time, many realized 10k a year was possible, even if improbable.

: Today we are in a position where we have to correct a
: problem/situation we once believed unimaginable. Do we really want to be
: shortsighted and ignore what we have actively seen occur to us in
: the past?

Absurd, conservative, yes. Your comment is indeed incorrect. As of this day, CVE has not hit 10,000 vulnerabilities in a year. We have not "actively seen [this] occur to us in the past", or present. CVE is almost 14 years old, and has not hit 10k in a given year. Even with the creation of CNAs, increased awareness, a push for researchers to obtain an ID before disclosure, educating vendors to do it, and pressing Kurt Seifried into a CVE-labor camp, still no 10k.

Yes, there is a chance we will hit 10k, possibly this year. But I also remind you of the board's decision to actually stop pursuing the goal of issuing a CVE to all disclosed vulnerabilities. Instead of making an effort to assign more, CVE has collectively decided to back off that, and only focus on the 'priority' vendors and sources.

This shift in CVE is part of what I mentioned before in those quotes, that a 1MIL+ CVE-a-year is a radically different CVE than we have today. It would fundamentally shift the purpose of the effort, not to mention the way it operates.

: As a vendor that has to deal with this across many different product
: lines, many different research and development databases across
: differing security technologies, we really do not want to find ourselves
: in this situation again. This type of effort, changing a format that is

And this speaks to my point about selfish desires. You are making this decision based on YOUR company, and YOUR development cycles that will be used to change the scheme internally. This is not voting in the interest of the community at all.

: or internal development or research resources has to be verified that it
: will not have an issue with the format change. This is not like having
: one database, this is very extensive and the costs to make this change
: and validate it will be too.

I will be the community advocate on this response: So what? Your problem, not mine.

: This impacts the community as a whole. This change will cause
: problems in areas we have no idea of today.

This argument is just as valid for voting against 'B' as it is against 'A'.