Dear members of the CVE Board –
Here is the agenda for today’s Board meeting.
Regards,
The MITRE CVE Team
Agenda
2:00 – 2:15:
Introductions, action items from the last meeting – Chris Coffin
-
Previous Action Item: MITRE (Chris C/Jonathan) to send out an email to the Board list to initiate the CNA Rules
revision process (regarding inclusion).
-
Previous Action Item: CNA rules discussion—MITRE will start putting together a list of things to discuss in follow
up calls.
-
Previous Action Item:
Send out note to the Board on the CVE Quality WG (MITRE).
- Previous Action Item:
Lisa Olson (Microsoft) to investigate sharing a paper as a place to start with CNA scope work.
- Previous Action Item:
MITRE will contact HackerOne to inquire about WordPress vulnerability and contact Kurt Seifried (CSA).
- Status:
Told Kurt that he should reach out to HackerOne directly on this and let us know if he had any issues in doing so.
- Previous Action Item:
Set up another discussion for Appthority as a research CNA.
- Status:
Done. Appthority is cleared to become a CVE CNA. We will have another call for Appthority and some Board members to discuss further.
- Previous Action Item:
Continue discussion to define set of product types, define value, determine whether it can be automated, and the effort involved in doing so (tagging).
- Previous Action Item:
Marketing message for CVE—send out CVE 101 to group and use as starting point (may need to customize for different audiences).
2:15 – 2:30:
Working Groups
·
Strategic Planning – Kent Landfield / Chris Coffin
·
Automation – Chris Johnson / Dave Waltermire
2:30 – 2:45:
CNA Update
·
DWF – Kurt Seifried
·
MITRE – Jonathan Evans
·
JPCERT – Taki Uchiyama
2:45 – 3:50:
Open Discussion
3:50 – 4:00:
Action items, wrap-up – Chris Coffin