The CVE Board has created a new Working Group, the Naming Working Group. We would like to invite all members of the CVE Board and the CNAs to participate. This Working Group is also open to members of the
CWE and CAPEC projects.
The Naming Working Group will review our Abstraction rules. Where there are gaps between different naming systems (such as CVE, CWE, or CAPEC), the Working Group will clearly identify those gaps and consider
changes to CVE Abstraction rules to allow for reasonable and consistent naming for these cases. For example, branded security issues (such as FREAK or Badlock) can be far more complex than a typical vulnerability, and formal naming conventions fail to address
this kind scenario. (For FREAK, CVE IDs were assigned for the FREAK exploit in many products, but FREAK itself could not be easily "named".)
If you are interested in participating, the first step would be to join the Working Group discussion list, [hidden email].
To join, either respond to this message or email [hidden email] with the request.
Specific agendas and goals will be discussed on that list once it is populated.
Please let us know if you have any questions.
Daniel Adinolfi, CISSP
Lead Cybersecurity Engineer, The MITRE Corporation