[ Date Prev ][ Date Next ][ Thread Prev ][ Thread Next ][ Date Index ][ Thread Index ]

Re: CVE's for "smart" contracts, legal execution engines

To : Kurt Seifried < kseifried@redhat.com >
Subject : Re: CVE's for "smart" contracts, legal execution engines
From : jericho < jericho@attrition.org >
Date : Tue, 21 Jun 2016 16:59:15 -0500
Cc : cve-editorial-board-list < cve-editorial-board-list@lists.mitre.org >
Delivery-date : Wed Jun 22 10:24:21 2016
Importance : high
In-reply-to : <CANO=Ty1zNLuWYGqP5-oOCg4uLXkZtcAGwS+KM2akux_EkpGgUQ@mail.gmail.com>
List-help : < mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST >
List-subscribe : < mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG >
List-unsubscribe : < mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG >
References : <CANO=Ty1zNLuWYGqP5-oOCg4uLXkZtcAGwS+KM2akux_EkpGgUQ@mail.gmail.com>
Sender : " owner-cve-editorial-board-list@lists.mitre.org " < owner-cve-editorial-board-list@lists.mitre.org >
Thread-index : AQHRyxgSctIEOZbM9ki0EKcJkF3eOJ/0eh2A
Thread-topic : CVE's for "smart" contracts, legal execution engines

On Mon, 20 Jun 2016, Kurt Seifried wrote:

: So the main issues that need to be dealt with:
:
: 1) Where do we draw the line on software/service for blockchain
: technologies?

Historically, the line has been drawn around the end-user software. So
a
vulnerability in the actual downloaded client qualifies for inclusion.
A
vulnerability in the 'math' behind the implementation is typically seen
as
a hybrid issue, or considered more a service offering. Issues in the
algorithm or implementation that can be abused via the client software
would fall under consumer software I believe, and warrant inclusion.

References :
- CVE's for "smart" contracts, legal execution engines
  - From: Kurt Seifried <kseifried@redhat.com>

Prev by Date: CVE's for "smart" contracts, legal execution engines
Next by Date: CVE Editorial Board teleconference summary - June 2, 2016
Previous by thread: CVE's for "smart" contracts, legal execution engines
Next by thread: CVE Editorial Board teleconference summary - June 2, 2016
Index(es):
- Date
- Thread

Page Last Updated or Reviewed: June 27, 2016

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE^™ List and the associated references from this website are subject to the terms of use . CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2021, The MITRE Corporation . CVE is a registered trademark and the CVE logo is a trademark of The MITRE Corporation.