|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CVE Automation Working Group Charter
- To: "Johnson, Christopher" <christopher.johnson@nist.gov>, CVE Editorial Board Discussion <cve-editorial-board-list@mitre.org>
- Subject: RE: CVE Automation Working Group Charter
- From: "Levendis, Chris" <clevendis@mitre.org>
- Date: Thu, 17 May 2018 13:56:44 -0400
- Accept-language: en-US
- Authentication-results: nist.gov; dkim=none (message not signed) header.d=none;nist.gov; dmarc=none action=none header.from=mitre.org;
- Delivery-date: Thu May 17 15:48:51 2018
- In-reply-to: <06C7B873-E4FC-4F85-9387-14066DD21728@nist.gov>
- References: <06C7B873-E4FC-4F85-9387-14066DD21728@nist.gov>
- Thread-index: AQHT7fVcP4r+K5w14kS1KR6iaziAsqQ0MXWg
- Thread-topic: CVE Automation Working Group Charter
|
Hi Chris, I pulled the following principle from the charter: •Use free and open source solutions where possible. Avoid solutions that require propriety, closed systems, or are not compatible with CVE
terms of use I agree with this principle but think it is incomplete. Efficiency of use and management, and scalability are important considerations when considering any potential
solution. Effectiveness is dealt with by another principle, but it is possible to have a non-scalable and inefficient solution that is effective. In other words, it works but it is too expensive in terms of labor hours to manage. The statement could say: •Use free and open source solutions where possible. Avoid solutions that require propriety, closed systems, are not plausibly scalable to
support program growth, are labor intensive to manage, or are not compatible with CVE terms of use. I also recommend numbering the bullets under each of the sections so that we can refer to them by number instead of having to state the bullet each time we need to
reference it in written or verbal discussion. C From: Johnson, Christopher S. (Fed) [mailto:christopher.johnson@nist.gov]
CVE Board Members,
I am recommending the attached CVE Automation Working Group charter for approval by the board. Please review the charter and submit your vote to this email list by Noon EDT on Thursday, May 31. The results of the vote will be announced
at the June 13th board meeting.
The charter is also available from the GitHub repository:
https://github.com/CVEProject/automation-working-group/blob/master/CAWG_Charter_DRAFT.md
Thank you,
Chris Johnson CVE Automation Working Group |
- Follow-Ups:
- Re: CVE Automation Working Group Charter
- From: Kurt Seifried <kseifried@redhat.com>
- Re: CVE Automation Working Group Charter
- References:
- CVE Automation Working Group Charter
- From: "Johnson, Christopher S. (Fed)" <christopher.johnson@nist.gov>
- CVE Automation Working Group Charter
- Prev by Date: CVE Automation Working Group Charter
- Next by Date: Re: CVE Automation Working Group Charter
- Previous by thread: CVE Automation Working Group Charter
- Next by thread: Re: CVE Automation Working Group Charter
- Index(es):