Date: Wed, 8 Nov 2023 15:38:37 -0700 From: Mats Wichmann <mats@...hmann.us> To: oss-security@...ts.openwall.com Subject: Re: !CVE: A new platform to track security issues not acknowledged by vendors On 11/8/23 13:33, David A. Wheeler wrote: > The "!CVE" group isn't using "CVE", they're using "!CVE". The question is, > is that distinct enough, or will typical users be confused by it? > I don't know the answer to that. However, I do worry that perhaps > "!CVE" is not distinct enough. I'd say it's pretty clear it's confusing, given that non-alpha characters have mysterious behaviors in non-human situations, and this particular character is probably confusing to humans too, depending on how clear/large the font is. ICVE? 1CV? lCVE? On the computer side of the equation, I just put !CVE into the search bar of my browser. It didn't even bring up a page of results, it just sent me directly to: https://cve.mitre.org/ Don't do this. > I would *strongly* recommend that this group use "NotCVE" or "NCVE" instead of "!CVE". > That would be more clearly distinct, and they already call themselves that. > I'll also note that searching for "!CVE" and storing that prefix will also cause some problems. +1
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.