[ Date Prev ][ Date Next ][ Thread Prev ][ Thread Next ][ Date Index ][ Thread Index ]

Re: CVE ID Syntax change - Round two vote results and comments

To : security curmudgeon < jericho@attrition.org >
Subject : Re: CVE ID Syntax change - Round two vote results and comments
From : "Steven M. Christey" < coley@mitre.org >
Date : Thu, 23 May 2013 18:55:12 -0400
CC : "Boyle, Stephen V." < sboyle@mitre.org >, cve-editorial-board-list< cve-editorial-board-list@LISTS.MITRE.ORG >
Delivery-Date : Thu May 23 18:57:25 2013
In-Reply-To : < alpine.LNX.2.00.1305231712270.15152@forced.attrition.org >
List-Help : < mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST >
List-Owner : < mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG >
List-Subscribe : < mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG >
List-Unsubscribe : < mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG >
References : < 5084579A0A81C947AB6E6BFB7AFCF9DF03BE5354@IMCMBX03.MITRE.ORG > < alpine.LNX.2.00.1305231712270.15152@forced.attrition.org >
Reply-To : < coley@mitre.org >
Sender : < owner-cve-editorial-board-list@LISTS.MITRE.ORG >

On Thu, 23 May 2013, security curmudgeon wrote:

> I would like to know why MITRE made an executive decision for 8
> digits when that was not clearly the concensus of the discussion. This
> type of choice seems to defeat the stated purpose of the editorial board.

The Board was given notice of an 8 digit option, and asked to comment, an
entire week before the second vote began.

On Tuesday, April 30, we posted a message "Second round of discussion and
voting for new CVE ID Syntax" to the Editorial Board, in which we
specifically suggested a year plus 8 digits:

   http://cve.mitre.org/data/board/archives/2013-04/msg00074.html

The only response was from Kent Landfield, showing support for our
proposal and bringing up a separate topic.

Since there were no additional comments, but it was apparent that our
email went out to the list, we then proceeded with the vote according to
the schedule.

>2. The question that has been put to MITRE at least once, if not more,
>that has gone unanswered is more troubling.

Speaking only for myself, I was reluctant to draw too much attention to
the fact that we gave a week's notice to the Board, and only one person
responded.

- Steve

References :
- CVE ID Syntax change - Round two vote results and comments
  - From: "Boyle, Stephen V." <sboyle@mitre.org>
- Re: CVE ID Syntax change - Round two vote results and comments
  - From: security curmudgeon <jericho@attrition.org>

Prev by Date: Re: CVE ID Syntax change - Round two vote results and comments
Next by Date: Re: CVE ID Syntax change - Round two vote results and comments
Prev by thread: Re: CVE ID Syntax change - Round two vote results and comments
Next by thread: Re: CVE ID Syntax change - Round two vote results and comments
Index(es):
- Date
- Thread