[VIM] Verified, confirmed, acknowledged, replicated... what?

Steven M. Christey coley at mitre.org
Tue Dec 6 01:37:55 EST 2005

Does anybody have a terminology for how "proven" a vulnerability is?

I use mixed terminology all the time...

For example, I say "vendor acknowledgement" when the vendor says that
the issue is real, but the associated CVE reference is a "CONFIRM".

I don't use "verified" or "validated" although I want to use one of
these words for when a third party agrees that an issue is real.

According to webster.com, "validate" means "to support or corroborate
on a sound or authoritative basis."

"verify" is "to establish the truth, accuracy, or reality of"

Both of these are the 2nd definition for the word.

Both list "confirm" as a synonym, which doesn't help.

Maybe it's best to stay away from the overloaded terms altogether and
just say "replicate" - DUPLICATE, REPEAT, as in "replicate a
statistical experiment"

- Steve

