Security News > 2020 > November > CERT/CC Seeks to Remove Fear Element From Named Vulnerabilities
"Our goal," writes Metcalf, "Is to create neutral names that provides a means for people to remember vulnerabilities without implying how scary the particular vulnerability in question is."
There is no doubt that there is no apparent emotive bias to the new naming convention, but much still needs to be done on the project - and it is not entirely clear that two disconnected words are any better than one emotive word.
"In case anyone considers a word or name to be offensive," writes Metcalf, "We have a simple process to remove it from the corpus and re-generate a name." However, what is inoffensive to one person could be very offensive to another.
Vulnonym is currently described as an experiment, and CERT/CC asks users to "Let us know if this naming experiment is useful." However, many of the researching vendors who discover vulnerabilities are primarily motivated by the marketing potential of an emotive description - they may be reluctant to give up exposing MeltdownPlus in favor of Brisk Squirt.
Only time will tell whether this naming experiment proves worth the effort, or if the project gets consigned to the Ministry of Silly Names.