Firewall Wizards mailing list archives
Re: The Common Vulnerabilities and Exposures taxonomy
From: Adam Shostack <adam () homeport org>
Date: Thu, 21 Oct 1999 12:39:01 -0400
On Thu, Oct 21, 1999 at 12:33:34PM -0400, Anton J Aylward wrote: | On Thursday, October 21, 1999 10:37 AM Adam Shostack said: | | > Russ and Scott have commented on the taxonomy issue, so I'll add that | > the CVE is also not a database. The closest analogy is either a | > multi-lingual dictionary or the latin name for a species (although | > this is a bad analogy when you dig deep.) | | The multi-lingual database makes sense. | The latin name for a species is a result of a taxonomy. | Its not the same thing. "the CVE is also not a database" Thus, I'm saying, in agreement with what Scott and Russ posted, that its not a taxonomy nor a database. | Of course you could just stop calling it a "taxonomy" and I'll stop | berating you for it. I never called it a taxonomy. Stop anytime. :) | > That is a critical part of | > starting to share information about vulnerabilities in a structured | > way. Such sharing of information -- being able to agree on what | > you're talking about -- is a critical precursor to doing a scientific | > analysis of the problems that exist. (You can do science without it, | > but its hard. | | Damn right. | Taxonomy, as many writers on the history of science have pointed out, | is the basis of a science. However, there are many pseudo-sciences | (e.g. close encounters of the Nth kind) that also employ taxonomy | and statistics to bolster their credibility. Having a taxonometric system | doesn't make you a science, lacking one doesn't mean you're not a science. | Some sciences, for example psychiatry, which overused the category "schizophrenia", | have been crippled by inappropriate classification schemes. Good, we can agree now. -- "It is seldom that liberty of any kind is lost all at once." -Hume
Current thread:
- The Common Vulnerabilities and Exposures taxonomy Rick Smith (Oct 19)
- Re: The Common Vulnerabilities and Exposures taxonomy Marcus J. Ranum (Oct 19)
- RE: The Common Vulnerabilities and Exposures taxonomy Scott Blake (Oct 20)
- Re: The Common Vulnerabilities and Exposures taxonomy Rick Smith (Oct 20)
- Re: The Common Vulnerabilities and Exposures taxonomy Adam Shostack (Oct 21)
- RE: The Common Vulnerabilities and Exposures taxonomy Anton J Aylward (Oct 21)
- Re: The Common Vulnerabilities and Exposures taxonomy Adam Shostack (Oct 21)
- RE: The Common Vulnerabilities and Exposures taxonomy Anton J Aylward (Oct 21)
- Re: The Common Vulnerabilities and Exposures taxonomy Adam Shostack (Oct 21)
- Re: The Common Vulnerabilities and Exposures taxonomy Marcus J. Ranum (Oct 19)
- <Possible follow-ups>
- RE: The Common Vulnerabilities and Exposures taxonomy Doty, Ted (ISSAtlanta) (Oct 20)
- RE: The Common Vulnerabilities and Exposures taxonomy Anton J Aylward (Oct 21)
- Re: The Common Vulnerabilities and Exposures taxonomy Bill_Royds (Oct 20)
- RE: The Common Vulnerabilities and Exposures taxonomy Russ (Oct 20)
- RE: The Common Vulnerabilities and Exposures taxonomy Doty, Ted (ISSAtlanta) (Oct 21)
- RE: The Common Vulnerabilities and Exposures taxonomy Anton J Aylward (Oct 21)
- RE: The Common Vulnerabilities and Exposures taxonomy Russ (Oct 23)