[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] !CVE: A new platform to track security issues not acknowledged by vendors
From:       Vegard Nossum <vegard.nossum () oracle ! com>
Date:       2023-11-08 17:52:03
Message-ID: 720a3438-0411-4f13-8531-7e6bcac83e77 () oracle ! com
[Download RAW message or body]


On 08/11/2023 14:22, !CVE Team wrote:
> ==============
> What is a !CVE
> ==============
> 
>     - A common place for !vulnerabilities (read not vulnerabilities)
> 
>     - Security issues not covered by the traditional CVE.
> 
>     - An identifier following common naming starting with an exclamation
>       mark(!) Example: !CVE-2023-0001

I am not a lawyer, but I'd assume you would run into some issues with
the naming of all this -- wasn't that the exact issue that somebody else
ran into when they tried to assign identifiers to bugs that MITRE
wouldn't acknowledge? Here's what they said back then:

<https://cve.mitre.org/news/archives/2021/news.html#April022021_Message_to_DWF_from_the_CVE_Board>

I somehow doubt the presence of the ! makes much of a difference.


Vegard
[prev in list] [next in list] [prev in thread] [next in thread]