
MITRE's vote on CVE ID syntax



This is MITRE's vote.

- Steve

=====================================================
VOTING BALLOT
=====================================================

Enter your votes as specified in the preceding "INSTRUCTIONS" and "FILLING OUT THE BALLOT" sections.

*****************************************************

FIRST CHOICE: Option B

REASONS (first choice):

A sizable majority of the MITRE CVE team preferred Option B, whose advantages include:

- It can scale to an arbitrary number of vulnerabilities in a year; it is unlimited and never needs to be changed again.

- Compared to Option A, it is less likely that people will produce malformed IDs (due to factors such as transcription errors or omitting leading-0 digits). This will make it easier to use non-CVE-speaking search engines such as Google to reliably find most public information for a given CVE.

- The IDs are more readable than with Option A. At least for the foreseeable future, most new-syntax CVE IDs will use only 4 or 5 digits.

- This option buys additional time for organizations to adopt the extra digits of the new syntax, since the first 9999 vulnerabilities of 2014 will look just like original-syntax CVE IDs, so the change would not have to be implemented immediately in the January 2014 timeframe.

One limitation is that users who are not aware of the syntax change might assume there are only 4 digits and inadvertently truncate longer IDs; for example, CVE-2014-12345 could be interpreted as CVE-2014-1234 by an automated process that still assumes 4-digit IDs. Because both IDs are acceptable under Option B, this could lead to mistaken communication about the wrong vulnerability. There are also slightly more complex rules to validate a CVE using this syntax. Overall, however, the benefits outweigh the costs.

*****************************************************

SECOND CHOICE: Option A

REASONS (second choice):

A small minority of the MITRE CVE team preferred Option A, primarily because of the fixed ID length; validation of Option B syntax would have more complex "rules" due to the requirements for leading 0's for numbers between 1 and 999. However, some of the most important limitations included:

- The large number of digits reduces the readability of the CVE ID.

- Compared to Option B, there is a higher likelihood that CVE publishers and users might omit some of the extra digits, producing malformed IDs that would make the CVE more difficult to find using search engines such as Google.

- We do not anticipate a time in the coming years, maybe even decades, when CVE would need to cover so many vulnerabilities in a year that 8 digits (or maybe even 6 digits) would be necessary.
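The truncation risk and the validation rules the ballot mentions, as an added Python example that is not part of the original message or any MITRE code. The regular expressions, function names and sample text are constructed for illustration, and the Option B rule encoded here (zero-padded to four digits for 1 to 999, otherwise no leading zeros) is a reading of the ballot's wording, not an official grammar.

```python
import re

# Option B as read from the ballot (assumption): CVE-YYYY-NNNN, zero-padded
# to four digits for sequence numbers 1-999, otherwise no leading zeros and
# no upper bound on the number of digits.
OPTION_B = re.compile(r"CVE-(\d{4})-(\d{4}|[1-9]\d{4,})")

# Original-syntax matcher as a pre-2014 tool might have written it
# (constructed): exactly four digits, with no check on what follows.
LEGACY = re.compile(r"CVE-\d{4}-\d{4}")

# Boundary-aware matcher: take the whole digit run, never stop mid-number.
SAFE = re.compile(r"(?<![A-Za-z0-9])CVE-\d{4}-\d{4,}(?!\d)", re.IGNORECASE)


def is_valid_option_b(cve_id: str) -> bool:
    """True only for a well-formed Option B identifier (whole-string match)."""
    return OPTION_B.fullmatch(cve_id) is not None


def extract_legacy(text: str) -> list:
    """What a fixed-width matcher reports: longer IDs are silently truncated."""
    return LEGACY.findall(text)


def extract_safe(text: str) -> tuple:
    """Return (valid IDs, malformed candidates) without truncating either."""
    valid, malformed = [], []
    for match in SAFE.finditer(text):
        candidate = match.group(0).upper()
        (valid if is_valid_option_b(candidate) else malformed).append(candidate)
    return valid, malformed


# Constructed sample input, not taken from any real advisory.
SAMPLE = "Fixed CVE-2014-12345 and CVE-2014-0042; see also cve-2014-012345."

if __name__ == "__main__":
    print("legacy:", extract_legacy(SAMPLE))  # reports the wrong ID for 12345
    print("safe:  ", extract_safe(SAMPLE))
```

The legacy matcher returns a syntactically valid but different identifier for the five-digit ID, which is why the truncation goes unnoticed unless the matcher checks the character after the last digit.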

Page last updated or reviewed: October 3, 2014