[VIM] Verified, confirmed, acknowledged, replicated... what?
Steven M. Christey
coley at mitre.org
Tue Dec 6 01:37:55 EST 2005
Does anybody have a terminology for how "proven" a vulnerability is?
I use mixed terminology all the time...
For example, I say "vendor acknowledgement" when the vendor says that
the issue is real, but the associated CVE reference is a "CONFIRM"
I don't use "verified" or "validated" although I want to use one of
these words for when a third party agrees that an issue is real.
According to webster.com, "validate" means "to support or corroborate
on a sound or authoritative basis."
"verify" is "to establish the truth, accuracy, or reality of"
Both of these are the 2nd definition for the word.
Both list "confirm" as a synonym, which doesn't help.
Maybe it's best to stay away from the overloaded terms altogether and
just say "replicate" - DUPLICATE, REPEAT, as in "replicate a
More information about the VIM