[$] A turning point for CVE numbers

The Common Vulnerabilities andExposures (CVE) system was set up in 1999 as a way to referunambiguously to known vulnerabilities in software. That system has founditself under increasing strain over the years, and numerous projects haveresponded by trying to assert greater control over how CVE numbers areassigned for their code. On February 13, though, a big shoe dropped whenthe Linux kernel project announcedthat it, too, was taking control of CVE-number assignments. As is oftenthe case, though, the kernel developers are taking a different approach tovulnerabilities, with possible implications for the CVE system as a whole.