RE: Proposed Working group and workshop

To: "Landfield, Kent B" <kent.b.landfield@intel.com>, Art Manion <amanion@cert.org>, cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
Subject: RE: Proposed Working group and workshop
From: "Millar, Thomas" <Thomas.Millar@hq.dhs.gov>
Date: Fri, 26 Aug 2016 18:10:57 +0000
Accept-language: en-US
Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=hq.dhs.gov;mitre.org; dkim=none (message not signed) header.d=none;
Delivery-date: Mon Aug 29 07:50:34 2016
In-reply-to: <F8A207B1-45B5-48A6-9A00-4D81A6090BFD@intel.com>
List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
References: <F8A207B1-45B5-48A6-9A00-4D81A6090BFD@intel.com>
Sender: <owner-cve-editorial-board-list@lists.mitre.org>
Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
Spamdiagnosticoutput: 1:2
Thread-index: AQHR/8Qyt94cJx6AVkS7SiNzPzgTWqBbitqe
Thread-topic: Proposed Working group and workshop

Plans are nothing, planning is everything.

Tom Millar, US-CERT

Sent from +1-202-631-1915
https://www.us-cert.gov

From: owner-cve-editorial-board-list@lists.mitre.org on behalf of Landfield, Kent B
Sent: Friday, August 26, 2016 7:03:50 PM
To: Art Manion; cve-editorial-board-list
Subject: Re: Proposed Working group and workshop

Art wrote:
Some caution here: 3-5 years out in internet time is, IMO, not predictable. I do think we can pick some direction/priorities, and make some design choices that should enable flexibility when the future arrives, but I'm not a fan of putting lots of effort into a 5 year plan we'll have to throw away in <2 years.

I can’t agree more….

---
Kent Landfield
+1.817.637.8026

On 8/26/16, 12:52 PM, "Art Manion" <amanion@cert.org> wrote:

    On 2016-08-26 08:30, Landfield, Kent B wrote:

    > So what do we want CVE to look like in 3-5 years? How do we plan on
    > getting there?
    >
    > On the Board call today I suggested we create a working group to try to
    > address some of those questions. This is a working group as identified
    > in the Charter. Instead of waiting weeks to get started, I suggested we
    > create the WG as an ad-hoc working group until the Charter is approved
    > and then we can ‘officially anoint’ it.

    Sign me up. Does this WG include the full board yet :) ?

    On 2016-08-26 11:14, Williams, Ken wrote:
    > Comprehensive CVE coverage of ALL vulnerabilities is a worthwhile
    > goal to consider in such a WG.

    Agree.

    On 2016-08-26 12:02, Kurt Seifried wrote:
    > Stupid Question but why are we being so stingy with CVEs? We should
    > be handing them out like candy, and putting the "important" ones into
    > the database (and accepting well formed database submissions from
    > all).

    Agree.

    On 2016-08-26 08:30, Landfield, Kent B wrote:
    > So what do we want CVE to look like in 3-5 years? How do we plan on
    > getting there?

    Some caution here: 3-5 years out in internet time is, IMO, not
    predictable. I do think we can pick some direction/priorities, and make
    some design choices that should enable flexibility when the future
    arrives, but I'm not a fan of putting lots of effort into a 5 year plan
    we'll have to throw away in <2 years.

    Regards,

     - Art

References:
- Re: Proposed Working group and workshop
  - From: "Landfield, Kent B" <kent.b.landfield@intel.com>

Prev by Date: RE: FW: Proposed Working group and workshop
Next by Date: RE: SLA concerns for DWG CNAs (and probably other CNAs)
Previous by thread: Re: Proposed Working group and workshop
Next by thread: SLA concerns for DWG CNAs (and probably other CNAs)
Index(es):
- Date
- Thread