The organisation that administers the industry standard for classifying computer system security vulnerabilities wants to prepare its classification system for a world with an even greater number of bugs. Mitre Corp is considering adding a 100 times more CVE (Common Vulnerabilities and Exposures) slots each year to accommodate …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Tuesday 5th February 2013 11:50 GMT Alister

"Goddamn The Walls"

Shame, I preferred that version, what did you go and change it for...

0 0
1. Tuesday 5th February 2013 12:27 GMT diodesign
  
  Re: "Goddamn The Walls"
  
  You guys are too quick to spot my screw-ups..
  
  C.
  
  2 0
  1. Tuesday 5th February 2013 13:08 GMT Crisp
    
    It's game over man!
    
    Game over!
    
    1 0
    1. Tuesday 5th February 2013 16:25 GMT Destroy All Monsters
      
      Re: It's game over man!
      
      I say we take off and debug the site from orbit. It's the only way to stay clean.
      
      0 0
Tuesday 5th February 2013 12:29 GMT I think so I am?

Why not

CVE-YYYY-1,2,3,4,5,6,7 ......................99999999999999

Just count in order from the left up to any number.

moronic.

0 0
1. Tuesday 5th February 2013 12:43 GMT FunkyEric
  
  Re: Why not
  
  Errrrrrm probably because the systems receiving the number need to know the maximum number of digits in the number.
  
  Or they just like to over-complicate things. :-)
  
  0 0
Tuesday 5th February 2013 12:45 GMT Buzzword

Natural Key vs Surrogate Key

If only they had used GUIDs, then there'd be none of this trouble.

CVE-2013-{1D3A5DC0-E9B6-41EE-BA9E-915C9C5CE15C}

It just rolls of the tongue!

0 0
Tuesday 5th February 2013 12:47 GMT Phil O'Sophical

year + arbitrary digits + check digit

What's the point of a check digit if the others are arbitrary?

0 0
1. Tuesday 5th February 2013 13:56 GMT Buzzword
  
  Re: year + arbitrary digits + check digit
  
  Check digits are useful if people are typing or reading the digits manually. A decent check digit will catch one or two mistakes in other digits.
  
  Your debit or credit card includes a parity check - search online for the Luhn algorithm. Amongst other things, it means websites can check that you've typed it correctly before sending the number to the payment processing company.
  
  1 0
  1. Tuesday 5th February 2013 15:08 GMT Phil O'Sophical
    
    Re: year + arbitrary digits + check digit
    
    > Check digits are useful if people are typing or reading the digits manually.
    
    Good point, thanks.
    
    0 0
Tuesday 5th February 2013 16:53 GMT Anonymous Coward

Suggested sliding scale of IT security event categorizations

In inverse order by severity....

A) Use harsh language

B) Lay down suppressing fire with the incinerators while withdrawing

C) LET'S ROCK!!!!

D) We have 4 canisters of nerve gas, let's just roll em' in their and gas the whole joint!

E) Take off and nuke the site from orbit. It's the only way to be sure.

F) Game over, man!! Game over!!!

(Even with the paraphrasing, I've obviously seen "Aliens" a few too many times.)

1 0
Tuesday 5th February 2013 19:25 GMT Robert Helpmann??

Make Room, Make Room

...it is only early February and we're already up to 462 CVEs this year already. Last year the total reached 5,373

So, if we assume a linear function, we should see an increase of about 150 this year over last. At that rate, again assuming linear growth, the 10,000 mark is apt to be broken around 2040. While reviewing procedures regularly should be incorporated into most IT policies, it does not look to me that there is a burning reason to make this change now.

I think the proposed changes provide a hint, but what else is going on?

0 0