Did you know that “Heartbleed” is a bug in the TLS implementation in OpenSSL, tracked as CVE-2014-0160? The CVE identifier is not friendly; people love names. However, the names that security companies give to bugs may be too sensational and cause fear, uncertainty, and doubt.
CERT/CC: ‘Sensational’ bug names spark fear, hype – so we’ll give flaws our own labels… like Suggestive Bunny
- Common Vulnerabilities and Exposures (CVE)
- NIST National Vulnerability Database (NVD)
- NIST SP 800-51 R1: Guide to Using Vulnerability Naming Schemes
- CVE Numbering Authority (CNA) Rules
- CVE Records
- CVE Terminology and FAQ
- CERT/CC launches Twitter bot to give security bugs random names
- CERT/CC Aims to Tackle FUD with New CVE-Naming Bot
- CERT/CC Seeks to Remove Fear Element From Named Vulnerabilities
- Vulnonym: Stop the Naming Madness!
- The entirely predictable problems with the Vulnonym naming scheme