CVE Board Meeting Summary for June 27, 2018

To: CVE Editorial Board Discussion <cve-editorial-board-list@mitre.org>
Subject: CVE Board Meeting Summary for June 27, 2018
From: "Sain, Joe" <jas@mitre.org>
Date: Thu, 5 Jul 2018 10:22:54 -0400
Accept-language: en-US
Authentication-results: mitre.org; dkim=none (message not signed) header.d=none;mitre.org; dmarc=none action=none header.from=mitre.org;
Delivery-date: Thu Jul 5 10:43:13 2018
Thread-index: AdQUa3XJwyFVdAShQJCqYIQC/zvSsw==
Thread-topic: CVE Board Meeting Summary for June 27, 2018

CVE Board Meeting Summary – 27 June 2018

NOTE: The CVE Board Strategic Planning Working Group is conducting a Face to Face meeting in Gaithersburg, Maryland this week and as a result, the CVE Board meeting for June 27 was limited to updates from the Face to Face meeting and announcements from Board members.

Board Members in Attendance:

Kent Landfield (McAfee)

Scott Moore (IBM)

Kurt Seifried (RedHat)

David Waltermire (NIST)

Members of MITRE CVE Team in Attendance:

Chris Coffin

Chris Levendis

Joe Sain

Updates and Announcements

The Strategic Planning Working Group is making good progress on CVE Roles and Services. The plan is to have one or two priority services ready to pass onto the Automation Working Group to start building requirements and then to begin development.
The CVE Team met with the Cloud Security Alliance last week, and CSA is interested in being more involved in CVE and perhaps becoming a CNA at some point. We did inform them that vulnerabilities in cloud services do not currently meet our inclusion criteria, but that we are having discussions around these types of issues and that these discussions will continue. CSA stated that they would step up and create a working group that they would like MITRE to be involved with. They have a large user base and many vendors with whom they are interacting. The goal of the working group is to gauge the appetite for CVEs for cloud-based services, what the parameters around them would be, and will there be vendor buy-in. CSA is willing to do the work, and they would like to have the CVE Board and MITRE as active participants.
Kurt Seifried’s last day at Red Hat is Saturday, June 30. He will be transitioning to Cloud Security Alliance. He will also be continuing the work with DWF.
There will be an interview session with Lisa Olson (Microsoft) as part of the Board nomination process, scheduled for July 11.
Naver, a South Korean internet services provider, is now a CNA.

Action Items

MITRE to change Kurt Seifried’s organizational affiliation on the CVE web site from Red Hat to Cloud Security Alliance on July 2.

Next by Date: recent wave of Smart Contract vulns - out of scope?
Next by thread: recent wave of Smart Contract vulns - out of scope?
Index(es):
- Date
- Thread