CERT/CC: 'Sensational' bug names spark fear, hype – so we'll give flaws our own labels... like Suggestive Bunny

Many memorable events get named, whether they're hurricanes, political events, or security incidents like the Morris Worm, which surfaced 32 years ago yesterday.


But named security incidents recently have editorialized their own importance with fear-mongering monikers like Heartbleed (2014), Meltdown, Spectre, and Foreshadow (2018), and Fallout and ZombieLoad (2019).


Not all do so. Less emotionally loaded bug names have been proposed, like CacheOut, CrossTalk, and RIDL, but name-amplified alarmism has become prevalent enough to prompt the infosec experts at the CERT cybersecurity division of Carnegie Mellon University's Software Engineering Institute to intervene.


Last month, the CERT/CC began applying names to Common Vulnerabilities and Exposures (CVE) identifiers, to make them easier to recall and less likely to cause concern.


"Sensational names are often the tool of the discoverers to create more visibility for their work,"