RE: Current standards/criteria for 'Undefined Behavior'
I prefer calls over more email. I apologize for missing this past
one... life happened and I was totally unavailable.
Regards,
Beverly M Finch, PMP
PSIRT Program Manager
Product Security Office
7001 Development Drive
Office 3N-C1
Morrisville, NC 27560
+1 919 294 5873
beverlyfinch@lenovo.com
Lenovo.com
-----Original Message-----
From: owner-cve-editorial-board-list@lists.mitre.org
[mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of
Coffin, Chris
Sent: Friday, July 7, 2017 2:50 PM
To: Waltermire, David A. (Fed)
Cc: Carsten Eiram; cve-editorial-board-list
Subject: RE: Current standards/criteria for 'Undefined Behavior'
Dave,
The meeting minutes were intended to be an overview of past meetings
and allow someone to be aware of what was discussed and any decisions
made. We apologize if this specific issue and decision was not properly
captured in the meeting minutes for the call in question, and will try
to do a better job with this moving forward.
Let's also pull on this thread a bit and discuss what this might mean
if we move our issues and possibly decisions to the mailing list. Are
we suggesting that we create a separate email thread for each issue
and/or decision from the calls? Would the email threads be a recount of
the issues discussed and decisions made on the Board call, or would we
want input from the list in every case before making a final decision?
It sounds as though we are suggesting the latter. One worry in going
this route would be that we'd never actually make any decisions on the
Board calls and the value of them could be greatly diminished.
I think this also leads to a larger question of whether folks on the
Board prefer fewer calls and more mailing list communications?
What are others' thoughts?
Regards,
Chris
-----Original Message-----
From: Waltermire, David A. (Fed) [mailto:david.waltermire@nist.gov]
Sent: Friday, July 7, 2017 12:52 PM
To: jericho <jericho@attrition.org>; Coffin, Chris <ccoffin@mitre.org>
Cc: Carsten Eiram <che@riskbasedsecurity.com>; cve-editorial-board-list
<cve-editorial-board-list@lists.mitre.org>
Subject: RE: Current standards/criteria for 'Undefined Behavior'
What Brian is asking for here is something we absolutely should be
doing to host a healthy board community. My schedule has been chaotic
recently and I haven't been able to attend the calls like I normally
do. Posting these types of issues to the list would give me a way to
contribute to the conversation when I cannot be on the calls. I am sure
others on the board share the same view on this as Brian and me.
We have talked about this quite a few times, but change has been slow
and incomplete. How do we make this a standard practice going forward?
Thanks,
Dave
> -----Original Message-----
> From: owner-cve-editorial-board-list@lists.mitre.org
> [mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of
> jericho
> Sent: Friday, July 07, 2017 1:15 PM
> To: Coffin, Chris <ccoffin@mitre.org>
> Cc: Carsten Eiram <che@riskbasedsecurity.com>;
> cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
> Subject: RE: Current standards/criteria for 'Undefined Behavior'
> Importance: High
>
> On Fri, 7 Jul 2017, Coffin, Chris wrote:
>
> : Yes. We discussed on a Board call and decided to discontinue assignment
> : for undefined behavior issues.
>
> A couple things:
>
> 1. Which call? I do not see this topic in the meeting minutes for the
> last three meetings.
>
> 2. If a new policy is implemented based on a conference call, it would
> benefit everyone if it was more clearly stated in the meeting minutes,
> and it should also be posted directly to the list under a new thread.
>
> 3. There are issues I bring up on list, that are then discussed almost
> exclusively on the calls with a fraction of the board present. The
> gist of the discussion and even the final disposition are not always
> included in the minutes, and not brought to the list. That leaves
> emails to the board list that appear to be unaddressed in any fashion.
> Since the list is public, this is not a good external perception for
> MITRE or the Board.
>
> Brian