question re: old orgs nominating a new person

[jericho <jericho@attrition.org>]

Wait...

When did the precedent start that an existing org has the right to 
replace 
someone like this? Wasn't the board elected on PERSONAL merit all these 
years?

Just because a person/org has been on the board for sixteen years, 
doesn't 
mean they provide any value.

To wit, I deeply respect Casper Dik, I always have. I corresponded with 
him frequently over a decade ago regarding Sun vulnerabilities, am a 
fan 
of his work, and know he has great insight into our industry. That 
said, 
in sixteen years, he has posted to the board list *twice* (compared to 
Landfield 68 times, Seifried 47 times, Scott 14 times... and two of 
them 
have bee on the board for under two years). For whatever reason, Casper 
did not commit to the board and opt to provide his exceptional 
experience 
and insight to this endeavor over all those years, and as an industry, 
we 
are worse for it.

Oracle, as a company, does not embody the goals and mindset of a CNA at 
all. They have explicitly *countered* many of the things we strive for, 
primarily around vulnerability clarity in tracking and abstraction, and 
continue to fight that to this day. As an organization, Oracle is not 
fit 
to be a CNA, despite it being terribly convenient for MITRE.

Remove Casper from the picture, which you just did, and Oracle is no 
different than any other random company that wishes to have a presence 
on 
this board. In fact, they are actually LESS suited to than a newcomer 
that 
may be more open to the industry goals CVE is designed for.

If there is some policy about existing CNAs automagically getting a 
spot 
on the board, please cite that public reference so I can kick myself 
for 
not noticing and arguing it sooner.

.b



On Fri, 29 Apr 2016, Sain, Joe wrote:

: Casper Dik of Oracle has left the Editorial Board. We are working 
with Oracle to determine whether they wish to nominate a candidate to 
assume Casper's seat on the Board.
: 
: Casper Joined the Board in April 2000 as a senior staff engineer at 
Sun Microsystems. He was instrumental in the early days of CVE in 
selecting candidates, exploring how software vendors could use CVE to 
benefit their customers and the CVE community, and helping to lay the 
groundwork for the growth and acceptance of CVE. He participated in 
many Board meetings and was an active participant in Board discussions.
: 
: Thank you, Casper, for your contributions over the years.
: 
: The CVE Team
: 
: