[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: The CVE-10K Problem



In September I addressed this issue in my presentation at the NIST
Security Automation Conference. <grin> While I may have worried some of
the Mitre folks with wondering what I was about to say </grin>, I
pitched the existing funding issue and the need to assure this and other
directly associated efforts were properly supported.  The response I
received from the government side was very positive.  What we need to do
is to document the increased growth of issues that have been addressed
and then make that very public. Real numbers, real timelines and
projected future numbers based on the existing growth curve. That is
powerful information to present to the existing sponsors.

There is a real need for substantive discussions as to how to support
industry foundation projects such as CVE, OVAL, XCCDF, etc. As a first
step the case for additional resources needs to be documented and
published.

--
Kent Landfield
Director, Security Research
McAfee, Inc.
+1 972.963.7096 Direct
+1 817.637.8026 Mobile
kent_landfield@mcafee.com
www.mcafee.com
 

-----Original Message-----
From: owner-cve-editorial-board-list@LISTS.MITRE.ORG
[mailto:owner-cve-editorial-board-list@LISTS.MITRE.ORG] On Behalf Of
Steven M. Christey
Sent: Thursday, January 18, 2007 11:49 AM
To: pmeunier
Cc: Steven M. Christey; cve-editorial-board-list
Subject: Re: The CVE-10K Problem

On Thu, 18 Jan 2007, pmeunier wrote:

> 	From all the replies, it seems that most of this board stopped
reading
> after your list of 4 options and missed your additional request for
> thoughts regarding funding and related issues.  I suggest you resend
> that as a separate message.

I wanted to raise the latter point as a consideration.  This year,
probably sooner rather than later, Dave Mann and I expect to be raising
the larger funding issues, and considering strategies for coping.

The Board seems fairly united on the numbering scheme, so we'll make an
announcement and see if general CVE consumers have any major issues.

- Steve


Page Last Updated or Reviewed: May 22, 2007