RE: Agenda for CVE Board Meeting Wednesday, 15 November 2017

["Coffin, Chris" <ccoffin@mitre.org>]

Dave,

 

Thanks for the update. My apologies for the misrepresentation of the quality issue action item, and what you have proposed sounds reasonable. As for the feedback mechanism, we plan to talk about using Handshake issue tracking for this in today’s call.

 

Regards,

 

Chris

 

From: Waltermire, David A. (Fed) [mailto:david.waltermire@nist.gov]
Sent: Tuesday, November 14, 2017 8:08 PM
To: Coffin, Chris <ccoffin@mitre.org>; cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017

 

I will likely not be able to make this call due to travel. As a result here is a quick status on my action items.

 

Due to travel, I haven't made as much progress on reviewing the CNA rules as I had hoped. I do plan to complete this review soon and will send comments to the list once I have completed this work.

 

Regarding developing a list of CNAs that have quality issues, I never intended to do this. Instead, I suggested that I would work with the NVD team to identify and raise issues with the board as issues are found. I will do this on an ongoing basis to highlight quality issues that affect down stream use of CVE information. It might be worth identifying a more robust mechanism for others to identify similar issues to allow for a more robust feedback mechanism. This may be worth discussing on a board call at some point.

 

Regards,

Dave

---

From: owner-cve-editorial-board-list@lists.mitre.org <owner-cve-editorial-board-list@lists.mitre.org> on behalf of Coffin, Chris <ccoffin@mitre.org>
Sent: Wednesday, November 15, 2017 5:08:16 AM
To: cve-editorial-board-list
Subject: RE: Agenda for CVE Board Meeting Wednesday, 15 November 2017

 

Summary of Action Items from the Nov 1 Board Meeting

• Dave Waltermire volunteered to review current CNA rules for required items and flexible items.
• MITRE will schedule a Board meeting that will include the representatives from Github.
• MITRE will start a discussion about additional technical domains and areas that should have CVE coverage.
• The discussion on building the base (i.e., identifying and onboarding Root CNAs) will be discussed by the Strategic Planning WG.
• The discussion on broken links and handling them with the CVE downloads and JSON will continue in a Board email thread.
• Dave Waltermire will develop a list of CNAs that have quality issues.

 

 

From: owner-cve-editorial-board-list@lists.mitre.org [mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of Common Vulnerabilities & Exposures
Sent: Tuesday, November 14, 2017 2:57 PM
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Agenda for CVE Board Meeting Wednesday, 15 November 2017

 

Dear members of the CVE Board –

 

Here is the agenda for tomorrow’s CVE Board Meeting. Documents to be discussed during the meeting will be emailed separately.

 

Regards,

 

The MITRE CVE Team

>>> 

 

CVE Board Meeting 15 November 2017 -  Agenda

2:00 – 2:05: Introductions, action items from the last meeting – Chris Coffin

2:05 – 2:25: Working Groups

·       Strategic Planning – Kent Landfield

• Issues
• Actions
• Board Decisions

• Automation – George Theall

• Issues
• Actions
• Board Decisions

2:25 – 2:50: CNA Update

·       DWF – Kurt Seifried

• Issues
• Actions
• Board Decisions

·       General – Jonathan Evans, Nick Caron, Joe Sain

• Issues
• Actions
• Board Decisions

2:50 – 3:10: Documentation: CNA Processes – Jonathan Evans

3:10 – 3:30: Discussion: Problematic assignments for subpar reports via CVE request form - Chris Coffin and Jonathan Evans

                       Email thread on Board mailing list 10/23 - 11/13.

3:30 – 3:45: CVE communications, document repositories, and collaboration – Joe Sain

3:45 – 3:55: Open Discussion

3:55 – 4:00: Action items, wrap-up – Chris Coffin