Welcome to the latest issue of the CVE-Announce e-newsletter. This email
newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc. right to your email box.
Common Vulnerabilities and Exposures (CVE) is the standard for information
security vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/May 9, 2013
-------------------------------------------------------
Contents:
1. Feature Story
2. Also in this Issue
3. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
Status Update on the CVE ID Syntax Change
As initially announced in the January 24, 2013 article "Call for Public
Feedback on Upcoming CVE ID Syntax Change," due to the increasing volume of
public vulnerability reports, the Common Vulnerabilities and Exposures (CVE)
project will change the syntax of its standard vulnerability identifiers so
that the CVE List can track more than 10,000 vulnerabilities in a single
year as the current syntax, CVE-YYYY-NNNN, only supports a maximum of 9,999
unique identifiers per year.
The initial plan called for a period of public feedback, followed by a
formal vote by members of the CVE Editorial Board. That voting period has
closed and resulted in a tie between Option A and Option B (for details on
the three original options, please see
http://cve.mitre.org/data/board/archives/2013-01/msg00011.html).
SECOND VOTE NEEDED
After discussion with the CVE Editorial Board, MITRE proposed dropping
Option C from consideration, and offering a new selection between a slightly
modified Option A and the current Option B.
The proposed (new) Option A extends the available numbering space to 8
digits, as opposed to the current 4 digits, or the earlier proposed 6
digits. Together with the unchanged Option B, the new options for
consideration are:
Option A (Year + 8 digits, fixed length, with leading zeros)
Examples: CVE-2014-00000001, CVE-2014-00009999, CVE-2014-12345678
Option B (Year + arbitrary digits, no leading zeros except for IDs 1-999)
Examples: CVE-2014-0001, CVE-2014-0999, CVE-2014-1234567
If you are interested in following the discussion, you may subscribe to the
CVE-ID-Syntax-Discuss mailing list, if you have not already done so, by
following the instructions below:
To subscribe, send an email to listserv@lists.mitre.org. In the body of
the email, type: subscribe CVE-ID-SYNTAX-DISCUSS-LIST
If you wish to have your name included in your subscription, or if you have
trouble subscribing using the above, please use this alternate "Subscribe"
line:
To subscribe using the alternate method, send an email to
listserv@lists.mitre.org. In the body of the email, type: subscribe
CVE-ID-SYNTAX-DISCUSS-LIST <your name>
SCHEDULE FOR SECOND VOTE
The CVE Editorial Board Voting schedule noted below was preceded by a public
discussion period from 1 May 2013 through 7 May 2013:
Wednesday, 8 May 2013, 12:01 AM (EDT) - Second official CVE Editorial
Board voting period begins
Wednesday, 22 May 2013, 11:59 PM (EDT) - Second official CVE Editorial
Board voting period ends
We will announce the results of the vote here, on the on the CVE Web site,
and on other email lists as soon as the vote is complete and verified.
Please send any comments or concerns to cve@mitre.org.
LINKS:
Upcoming CVE-IDs Syntax Change -
http://cve.mitre.org/data/board/archives/2013-01/msg00011.html
"Call for Public Feedback on Upcoming CVE ID Syntax Change" article -
http://cve.mitre.org/news/index.html#jan242013a
CVE Editorial Board - http://cve.mitre.org/community/board/
CVE List - http://cve.mitre.org/cve/
About CVE Identifiers - http://cve.mitre.org/cve/identifiers/index.html
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* MITRE Hosts CVE Booth at "InfoSec World 2013"
* CVE Mentioned in "Automating Security Compliance & Operations to Protect
Critical Infrastructure" Webinar
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2013, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org.
Learn more about Making Security Measurable at
http://measurablesecurity.mitre.org and Strengthening Cyber Defense at
http://www.mitre.org/work/cybersecurity/cyber_standards.html.
Thursday, May 9, 2013
Subscribe to:
Comments (Atom)
