Naming Working Group

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Naming Working Group

Adinolfi, Daniel R

Greetings,

 

The CVE Board has created a new Working Group, the Naming Working Group. We would like to invite all members of the CVE Board and the CNAs to participate. This Working Group is also open to members of the CWE and CAPEC projects.

 

The Naming Working Group will review our Abstraction rules. Where there are gaps between different naming systems (such as CVE, CWE, or CAPEC), the Working Group will clearly identify those gaps and consider changes to CVE Abstraction rules to allow for reasonable and consistent naming for these cases. For example, branded security issues (such as FREAK or Badlock) can be far more complex than a typical vulnerability, and formal naming conventions fail to address this kind scenario. (For FREAK, CVE IDs were assigned for the FREAK exploit in many products, but FREAK itself could not be easily "named".)

 

If you are interested in participating, the first step would be to join the Working Group discussion list, [hidden email].

 

To join, either respond to this message or email [hidden email] with the request.

 

Specific agendas and goals will be discussed on that list once it is populated.

 

Please let us know if you have any questions.

 

Thanks.

 

-Dan

_________________________

Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: <[hidden email]>  Phone: 781-271-5774

 

 

 

Loading...