Emergent Chaos

The sixth presentation was based on a paper titled "Towards a Common Enumeration of Vulnerabilities" by David E. Mann and Steven M. Christey from the MITRE Corporation. This presentation also generated considerable interest from the audience. They tackled the problem of dealing with several heterogeneous vulnerability databases and presented the Common Vulnerability Enumeration (CVE) mechanism for sharing of vulnerability data. They related the CVE to current practices on vulnerability data sharing.

From the "2nd Workshop on Research with Security Vulnerability Databases" writeup in IEEE Cipher. From a recent email to the CVE editorial board:

Our CVE compatibility evaluation program has continued to grow, with Bob Martin's leadership. Now, over 230 products and services, from 140+ organizations, have at least declared their intentions for CVE compatibility. 53 products have obtained official "CVE Compatible" status, with another set of products to be announced soon.

All from one talk, seven years ago, and an awful lot of hard work along the way.

(Disclosure: I'm working with MITRE on a CVE related project.)