Mastodon Feed: Post

Boosted by slightlyoff@toot.cafe ("Alex Russell"):
adamshostack@infosec.exchange ("Adam Shostack :donor: :rebelverified:") wrote:

The most important part of CVE is not the unique number, but the funding and expertise to run a credible program that assigns a unique number. The unique number was the center of what Dave Mann called a “concordance,” and I believe this is subtle but crucial: The value of CVE is not as a database, but as a stable way to cross-reference between databases and other tools. Dave and I have had many conversations about books having an ISBN, a UPC code, a Dewey number and a Library of Congress number. They serve different goals, and are managed by different groups.

I mention the books because assigning unique numbers in a stable way is harder than you'd expect.