再保险:CVE ID发行策略使用新的ID语法

1)“前导零”:是否这样做,任何少于4位数仍将突出截断误差;这很好。我宁愿保留第一个1000 id将最后期限延长一点。从技术上讲,格式字符串“% 04 d”编码预期的行为;它不是很复杂,所以我发现小的想法使用第一个1000 id。我认为CVE id应该遵循前几年的实践,首先CVE - 2014 - 0001。2)保护id是一个聪明的想法,我喜欢他们,但他们只会使检测更容易和更快一点。我相信任何错误将足够迅速地报道,即使没有他们。它可以提供保证的人可能担心转换; it's not clear to me how much that matters. However, it shouldn't be needed, and would only be useful in 2014. I think the benefit is small, at a small cost, so the cost/benefit ratio is indeterminate. Another use might be for MITRE to gather statistics more easily about failures to adopt the new format. I would leave this one up to the level of interest expressed and MITRE's willingness to manage the exception and educate people about it. Pascal