Do you know “Heartbleed” is a bug from the TLS implementation in OpenSSL, coded CVE-2014-0160? The CVE Identifier is not friendly; people love names. However, the bug named by security companies may be too sensational and cause fear, uncertainty, and doubt.
CERT/CC Vulnonym
CERT/CC: ‘Sensational’ bug names spark fear, hype – so we’ll give flaws our own labels… like Suggestive Bunny
CVE
- Common Vulnerabilities and Exposures (CVE)
- NIST National Vulnerability Database (NVD)
- NIST SP 800-51 R1: Guide to Using Vulnerability Naming Schemes
- CVE Numbering Authority (CNA) Rules
- CVE Records
- CVE Terminology and FAQ
Vulnonym
- @vulnonym
- CERT/CC launches Twitter bot to give security bugs random names
- CERT/CC Aims to Tackle FUD with New CVE-Naming Bot
- CERT/CC Seeks to Remove Fear Element From Named Vulnerabilities
- Vulnonym: Stop the Naming Madness!
- The entirely predictable problems with the Vulnonym naming scheme
- CERT/CC: ‘Sensational’ bug names spark fear, hype – so we’ll give flaws our own labels… like Suggestive Bunny
- 避免漏洞命名製造恐慌,CERT/CC將自己為漏洞起名字
I found this whole thing so amusing I created my own vulnonym algorithm which updates daily from nist. I fed it Carnegie Mellon’s block list of bad words to spark fear, uncertainty and doubt. https://vulnonym.org