Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 8 Nov 2023 15:38:37 -0700
From: Mats Wichmann <>
Subject: Re: !CVE: A new platform to track security issues not
 acknowledged by vendors

On 11/8/23 13:33, David A. Wheeler wrote:

> The "!CVE" group isn't using "CVE", they're using "!CVE". The question is,
> is that distinct enough, or will typical users be confused by it?
> I don't know the answer to that. However, I do worry that perhaps
> "!CVE" is not distinct enough.

I'd say it's pretty clear it's confusing, given that non-alpha 
characters have mysterious behaviors in non-human situations, and this 
particular character is probably confusing to humans too, depending on 
how clear/large the font is.  ICVE? 1CV? lCVE?  On the computer side of 
the equation,  I just put  !CVE  into the search bar of my browser. It 
didn't even bring up a page of results, it just sent me directly to:

Don't do this.

> I would *strongly* recommend that this group use "NotCVE" or "NCVE" instead of "!CVE".
> That would be more clearly distinct, and they already call themselves that.
> I'll also note that searching for "!CVE" and storing that prefix will also cause some problems.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.