On Thu, Oct 21, 1999 at 12:33:34PM -0400, Anton J Aylward wrote:
| On Thursday, October 21, 1999 10:37 AM Adam Shostack said:
|
| > Russ and Scott have commented on the taxonomy issue, so I'll add that
| > the CVE is also not a database. The closest analogy is either a
| > multi-lingual dictionary or the Latin name for a species (although
| > this is a bad analogy when you dig deep.)
|
| The multi-lingual database makes sense.
| The Latin name for a species is a result of a taxonomy.
| It's not the same thing.

"the CVE is also not a database"

Thus, I'm saying, in agreement with what Scott and Russ posted, that
it's not a taxonomy nor a database.

| Of course you could just stop calling it a "taxonomy" and I'll stop
| berating you for it.

I never called it a taxonomy. Stop anytime. :)

| > That is a critical part of
| > starting to share information about vulnerabilities in a structured
| > way. Such sharing of information -- being able to agree on what
| > you're talking about -- is a critical precursor to doing a scientific
| > analysis of the problems that exist. (You can do science without it,
| > but it's hard.
|
| Damn right.
| Taxonomy, as many writers on the history of science have pointed out,
| is the basis of a science. However, there are many pseudo-sciences
| (e.g. close encounters of the Nth kind) that also employ taxonomy
| and statistics to bolster their credibility. Having a taxonometric system
| doesn't make you a science, lacking one doesn't mean you're not a science.
| Some sciences, for example psychiatry, which overused the category "schizophrenia",
| have been crippled by inappropriate classification schemes.

Good, we can agree now.

--
"It is seldom that liberty of any kind is lost all at once." -Hume