|
|
MITRE would like to take this opportunity to notify the CVE Editorial Board of our upcoming participation in a track entitled “The Future of Global Vulnerability Reporting” at the Information Technology Security Automation Conference (ITSAC), to be held October 31st – November 2nd in Arlington, VA. ITSAC is sponsored by the US National Institute for Standards and Technology (NIST) in conjunction with the Department of Homeland Security (DHS), National Security Agency (NSA), and Defense Information Systems Agency (DISA). ITSAC is focused primarily on the Security Content Automation protocol (SCAP) and on “the breadth and depth of automation principles and technologies designed to support automation requirements across organizations in multiple sectors,” as described in the conference announcement at http://www.nist.gov/itl/csd/7th-annual-scap-conference.cfm. Representatives from DHS have invited MITRE to participate in the “Future of Global Vulnerability Reporting” track, and we have accepted. For your information, the track summary is as follows: “The rate of vulnerability discoveries and disclosures continues to accelerate at an ever-increasing pace. At the same time, the needs of the communities who consume and use vulnerability reporting information are evolving. The numerous current providers of cybersecurity vulnerability reports and related information each have their strengths and shortcomings, often related directly to the needs of specific communities. When viewed through the lens of a projected cybersecurity world one, two, or five years out, it appears that there is a need for something more, or at least different from, what is provided by today’s vulnerability reporting mechanisms and capabilities. This four-session track will explore the current vulnerability reporting landscape using some well-known examples, and attempt to project what that landscape might look like in the near- to mid-future. Following the panel discussions, a workshop will give interested attendees an opportunity to discuss these issues in more detail with fellow users and practitioners.” For more information about the conference, please see the conference announcement at http://www.nist.gov/itl/csd/7th-annual-scap-conference.cfm. While MITRE views participation in this track as a valuable opportunity to discuss the topic in the context of the NIST-sponsored conference and attendee community, we also recognize this represents only a part of the larger vulnerability management community that CVE seeks to serve. To this end, we would encourage all Editorial Board members to seek opportunities to engage with all possible constituencies on these topics and to keep your fellow Board members aware of those engagements. If you have any questions or comments, please respond to the list or feel free to contact me at sboyle@mitre.org. Best Regards, Steve Boyle MITRE CVE Project Lead |