Bug-hunters: They're coming outta the goddamn walls, aargh!

The organisation that administers the industry standard for classifying computer system security vulnerabilities wants to prepare its classification system for a world with an even greater number of bugs. Mitre Corp is considering adding 100 times more CVE (Common Vulnerabilities and Exposures) slots each year to accommodate …

COMMENTS

This topic is closed for new posts.
Silver badge
Trollface

"Goddamn The Walls"

Shame, I preferred that version, what did you go and change it for...

0
0
(Written by Reg staff) Silver badge

Re: "Goddamn The Walls"

You guys are too quick to spot my screw-ups..

C.

2
0
Silver badge
Coat

It's game over man!

Game over!

1
0
Silver badge

Re: It's game over man!

I say we take off and debug the site from orbit. It's the only way to stay clean.

0
0
Facepalm

Why not

CVE-YYYY-1,2,3,4,5,6,7 ......................99999999999999

Just count in order from the left up to any number.

moronic.

0
0

Re: Why not

Errrrrrm probably because the systems receiving the number need to know the maximum number of digits in the number.

Or they just like to over-complicate things. :-)

0
0
Bronze badge

Natural Key vs Surrogate Key

If only they had used GUIDs, then there'd be none of this trouble.

CVE-2013-{1D3A5DC0-E9B6-41EE-BA9E-915C9C5CE15C}

It just rolls off the tongue!

0
0
Silver badge

year + arbitrary digits + check digit

What's the point of a check digit if the others are arbitrary?

0
0
Bronze badge

Re: year + arbitrary digits + check digit

Check digits are useful if people are typing or reading the digits manually. A decent check digit will catch one or two mistakes in other digits.

Your debit or credit card includes a parity check - search online for the Luhn algorithm. Amongst other things, it means websites can check that you've typed it correctly before sending the number to the payment processing company.

1
0
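
An added example, not part of the thread or of any commenter's post: the Luhn algorithm mentioned in the comment above, with an exhaustive check of which typing mistakes it catches. The sample number is constructed (a year followed by made-up sequence digits) and is not a real identifier or a proposed CVE format.

```python
"""Luhn check digit: compute it, validate it, and measure what it catches."""

def luhn_check_digit(payload: str) -> int:
    """Return the digit that makes payload + digit pass the Luhn check."""
    total = 0
    # Walk right to left; the digit next to the check digit is doubled first.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # same as summing the two digits of the product
        total += d
    return (10 - total % 10) % 10

def luhn_valid(number: str) -> bool:
    """True if the last digit is the correct Luhn check digit for the rest."""
    if not number.isdigit() or len(number) < 2:
        return False
    return luhn_check_digit(number[:-1]) == int(number[-1])

def undetected_single_digit_errors(number: str) -> int:
    """Count single-digit substitutions that still validate."""
    missed = 0
    for pos, ch in enumerate(number):
        for wrong in "0123456789":
            if wrong != ch and luhn_valid(number[:pos] + wrong + number[pos + 1:]):
                missed += 1
    return missed

def undetected_adjacent_swaps(number: str) -> list:
    """Return the adjacent digit pairs whose transposition still validates."""
    missed = []
    for pos in range(len(number) - 1):
        a, b = number[pos], number[pos + 1]
        if a != b and luhn_valid(number[:pos] + b + a + number[pos + 2:]):
            missed.append(a + b)
    return missed

# Constructed sample: year "2013" plus arbitrary sequence digits.
SAMPLE_PAYLOAD = "20130090417"
SAMPLE = SAMPLE_PAYLOAD + str(luhn_check_digit(SAMPLE_PAYLOAD))

if __name__ == "__main__":
    print("number with check digit:", SAMPLE)
    print("single-digit typos missed:", undetected_single_digit_errors(SAMPLE))
    print("adjacent swaps missed:", undetected_adjacent_swaps(SAMPLE))
```

Every single-digit typo is rejected, but swapping an adjacent 0 and 9 slips through, which is the known blind spot of Luhn.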
Silver badge
Thumb Up

Re: year + arbitrary digits + check digit

> Check digits are useful if people are typing or reading the digits manually.

Good point, thanks.

0
0
Silver badge
Alien

Suggested sliding scale of IT security event categorizations

In inverse order by severity....

A) Use harsh language

B) Lay down suppressing fire with the incinerators while withdrawing

C) LET'S ROCK!!!!

D) We have 4 canisters of nerve gas, let's just roll 'em in there and gas the whole joint!

E) Take off and nuke the site from orbit. It's the only way to be sure.

F) Game over, man!! Game over!!!

(Even with the paraphrasing, I've obviously seen "Aliens" a few too many times.)

1
0
Bronze badge
Childcatcher

Make Room, Make Room

...it is only early February and we're already up to 462 CVEs this year already. Last year the total reached 5,373

So, if we assume a linear function, we should see an increase of about 150 this year over last. At that rate, again assuming linear growth, the 10,000 mark is apt to be broken around 2040. While reviewing procedures regularly should be incorporated into most IT policies, it does not look to me that there is a burning reason to make this change now.

I think the proposed changes provide a hint, but what else is going on?

0
0