[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[CVEPRI] Upcoming CVE Activities



All,

It's been quiet on this mailing list, but it's hardly been quiet for
CVE.

I am about to release a new CVE version, but first, approximately 500
candidates will need to be moved to the INTERIM phase.  That will be
in a separate email, coming tonight.

The new CVE version will include references to both OSVDB and OVAL.
You may have noticed large scale additions of these references, and
others, over the past couple of weeks.

We will also be publishing the CVE and candidate lists in XML format.

The CVE version *after that* will likely include promotions of many
other candidates, as I am satisfied that content decisions like
CD:SF-LOC and CD:SF-EXEC have proven themselves to be stable,
repeatable, and reliable over the past couple years.  The various
Candidate Numbering Authorities have been using them independently,
without any major errors (allowing for the fact that CNA assignment
happens very early in the disclosure process.)

We also have a number of candidates waiting in the wings to be created
and proposed to the Editorial Board.  My colleague on the CVE content
team, Jen Schommer, has been diligently doing the background work on
creating these new issues, which should only require light editing
from me.  I am grateful to her for her efforts.

We have also been gearing up for our second round of evaluations for
certificates of CVE Compatibility, especially in the area of mapping
accuracy.  We've established a team and done much of the background
work and development necessary to complete these evaluations
effectively.  Barbara Pease, our longest-standing content team member,
will lead this effort.

While it is still in the very early stages, we have been taking a
close look at how to handle configuration issues in CVE.  Another
content team member, Charles Schmidt, has been doing some of this
development work, with Adam Shostack consulting.

In recent months, I've received inquiries from various Editorial Board
members regarding Board participation.  Managing and communicating
with the Editorial Board has been a lower priority than this
long-overdue new CVE version, but it's clear that a teleconference is
in order.  I propose that we hold a telecon sometime during the week
of September 13 through 17.  Soon after this telecon, we will be
saying goodbye to some Board members, and adding new ones who have
been patiently waiting in the wings.



- Steve

Page Last Updated or Reviewed: May 22, 2007