Dailydave mailing list archives

Re: Taxonomy = wrong

From: mbarwise () intinfosec com
Date: Thu, 28 Jun 2007 17:24:09 +0100

"Books and people that focus on "Taxonomies" of source code 
vulnerabilities have almost intentionally missed the point. Labeling 
something isn't the same as understanding it..."

Years ago (2001-2004) tried to promote an open tree-structured 
vulnerability taxonomy that would have supported the concentration of 
all available sources (description, fixes, work-arounds, exploits and 
patch side-effects) in a single reference for any given 
vulnerability. No-one was interested. Instead we got the CVE.

Mike


Michael D. Barwise BSc, CEng, CITP, MBCS
Strategic Information Security Intelligence


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Taxonomy = wrong Dave Aitel (Jun 28)
- <Possible follow-ups>
- Re: Taxonomy = wrong mbarwise (Jun 28)