!!! New CVE ID Syntax !!! 1 January 2014 !!!

2013-06-07 / 2013-06-10
Credit: MITRE
Risk: High
Local: Yes
Remote: Yes
CWE: N/A

All, The second vote for the CVE ID Syntax closed on May 22nd, 2013. The CVE Editorial Board reached a voting quorum (18 voters from a pool of 23 eligible voters), and we reached a majority in favor of Option B. The results were: - 15 votes for the variable-length Option B (e.g. CVE-2014-9999 and CVE-2014-12345) - 3 votes for the 8-digit, fixed-length, revised Option A (e.g. CVE-2014-00000001 and CVE-2014-12345678) Because of comments received during the voting period, we provided an opportunity for the Board to take up the question of rescinding the vote. In addition, we wanted to address with the Board a direct question of whether a change to the length of the 8-digit Option A might have led to a different result for the selection vote. There was no affirmation from the Board to either discuss rescinding the vote or to reconsider the length specification of the revised and (by consensus vote) rejected Option A. As of Thursday, June 6th 2013, Option B has been selected as the new ID Syntax for CVE beginning 1 January 2014. To reprise, Option B specifies the following: - Variable length - 4-digit Year + four fixed digits for IDs up to 9999 - IDs 0001 through 0999 padded with leading zeros - IDs over 9999 will expand as needed, no leading zeros Examples: - Four digit IDs (through 9999) - CVE-2014-0001, CVE-2014-0999 - CVE-2014-1234, CVE-2014-9999 - Five digit IDs (> 9999) - CVE-2014-10000, CVE-2014-54321, CVE-2014-99999 - Six digit IDs (> 99999) - CVE-2014-100000, CVE-2014-123456, CVE-2014-999999 - Etc., as needed We again want to express our sincere thanks and gratitude to the CVE Editorial Board and other active participants for all of the discussion and engagement as we went through this process. Your combined attention and efforts have once again moved CVE forward, to the benefit of the community as a whole. As noted in an earlier message to the CVE Editorial Board, we will be working with the Board on communication strategies, documentation, strategies for how to issue new IDs, and other related items. We will notify this list as things progress. Best Regards, The MITRE CVE Team

References:

http://cve.mitre.org/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top