2:00 – 2:15:
Introductions, action items from the last meeting – Chris Coffin
-
Previous Action Item: MITRE to send out an email to the Board list to initiate the CNA Rules revision process
(regarding inclusion).
-
Previous Action Item:
Send out note to the Board on the CVE Quality WG (MITRE).
-
Previous Action Item: Continue discussion to define set of product types, define
value, determine whether it can be automated, and the effort involved in doing so (tagging).
-
Status: Moved future discussion list.
-
Previous Action Item:
Distribute MITRE congressional slides once submitted to Congress.
-
Status: Response in progress.
-
Previous Action Item:
Communicate to researcher CNAs – new CNA are hold. Explain that clarifications need to be made about roles and responsibilities before new CNA’s are confirmed.
-
Previous Action Item: Reach out to HackerOne regarding response to CNA query.
-
Status: Done. Initial response was belated due to automated tier 1 response
system. HackerOne suggests CNA email for future communications.
-
Previous Action Item: MITRE to provide metrics on the number of researcher
CNAs vs. the number of vendor CNAs.
-
Previous Action Item: Kurt Seifried to provide the names of those participating
in the CVE User Registry project and set up a requirements kickoff meeting.
-
Previous Action Item:
MITRE to send a note to the CNA group email soliciting participation in Automation Working Group projects.
-
Previous Action Item:
MITRE to distribute CVE Root discussion slides to the Strategic Planning Working Group.
2:15 – 2:30:
Working Groups
·
Strategic Planning – Kent Landfield / Chris Coffin
·
Automation – Chris Johnson / Dave Waltermire
2:30 – 2:45:
CNA Update
·
DWF – Kurt Seifried
·
MITRE – Jonathan Evans
·
JPCERT – Taki Uchiyama
2:45 – 3:50:
Open Discussion
3:50 – 4:00:
Action items, wrap-up – Chris Coffin