[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FW: Proposed Working group and workshop

On 2016-08-26 08:30, Landfield, Kent B wrote:

> So what do we want CVE to look like in 3-5 years?  How do we plan on
> getting there? 
> 
> On the Board call today I suggested we create a working group to try 
> to
> address some of those questions. This is a working group as identified
> in the Charter. Instead of waiting weeks to get started, I suggested 
> we
> create the WG as an ad-hoc working group until the Charter is approved
> and then we can ‘officially anoint’ it. 

Sign me up.  Does this WG include the full board yet :) ?

On 2016-08-26 11:14, Williams, Ken wrote:
> Comprehensive CVE coverage of ALL vulnerabilities is a worthwhile
> goal to consider in such a WG.

Agree.

On 2016-08-26 12:02, Kurt Seifried wrote:
> Stupid Question but why are we being so stingy with CVEs? We should
> be handing them out like candy, and putting the "important" ones into
> the database (and accepting well formed database submissions from
> all).

Agree.

On 2016-08-26 08:30, Landfield, Kent B wrote:
> So what do we want CVE to look like in 3-5 years?  How do we plan on 
> getting there?

Some caution here:  3-5 years out in internet time is, IMO, not
predictable.  I do think we can pick some direction/priorities, and make
some design choices that should enable flexibility when the future
arrives, but I'm not a fan of putting lots of effort into a 5 year plan
we'll have to throw away in <2 years.

Regards,

 - Art
Page Last Updated or Reviewed: August 29, 2016