Dailydave mailing list archives
Re: News is about the details
From: "Steven M. Christey" <coley () mitre org>
Date: Mon, 19 Jun 2006 18:04:03 -0400 (EDT)
Dave Aitel said:
One thing I think Microsoft DOES have to change is their classification system for "remote" versus "remote (but really client-side)". It's confusing to the public
The whole remote/local thing has been problematic for a couple years, so I won't rehash that too much. The term we've started using in CVE is "user-complicit", which recognizes that there are social engineering or external forces at work. In some cases, the only reasonable delivery mechanism occurs over remote channels (say, via e-mail or a chat message), so we still might say "remote user-complicit". Our usage is still evolving slightly.

Then you have what CVE calls "context-dependent" issues, which could be local *or* remote, depending on how the affected product is being used. This frequently applies to general-purpose libraries, e.g. for image manipulation. In such cases, the library might frequently be part of a web package or a command line program.

Both terms are clunky and will die as soon as someone comes up with something better. There have been a few possible terms tossed around in this area, but I don't think anybody's hit on the right answer yet, where "right" means "usable enough that it reaches a flash point where everyone starts saying it." We need a lot more terminological flash points in this biz.

- Steve

=======================================================================
Disclaimer: This message was publicly posted for the purpose of timely technical information exchange, and may contain errors, omissions, or imprecise conversational tone. Stated opinions are those of Steve Christey and may be imprecise or evolve over time. They do not necessarily reflect the views of The MITRE Corporation.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave