Title | CVE 10K is Almost Here | |
Date | Friday September 19 2014, @10:47PM | |
Author | LaminatorX | |
Topic | ||
from the ought-to-be-enough-for-anybody dept. |
Common Vulnerabilities and Exposures (CVE) is a standard identifier for referencing known security vulnerabilities in the information security world. The identifiers are broadly used in security products such as vulnerability scanners, providing a convenient way of cross-referencing data between various tools and databases. For most of its existence, the CVE Identifier for any given vulnerability has been in the format CVE-YYYY-NNNN, where YYYY is the year the identifier was assigned, and NNNN is an incrementing fixed-width number that restarts every year.
Because the time is fast approaching where there will be more than 10,000 CVE Identifiers assigned in a year, the CVE Identifier syntax has been updated to support variable-length numbers which is likely to pose a problem for applications which have not been updated to permit more than 4 digits in the identifier. The change was adopted in July of last year, taking effect on January 1, 2014.
Personally, it sometimes feels to me that CVE identifiers are being wasted on silly things like esoteric mobile apps, but I concede that running out of numbers is an inevitability regardless of the editorial stance of the CVE Editorial Board.
Links |
printed from SoylentNews, CVE 10K is Almost Here on 2024-04-25 19:27:32