[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE Entry Quality Working Group

To: "Coffin, Chris" <ccoffin@mitre.org>, CVE Editorial Board Discussion <cve-editorial-board-list@mitre.org>
Subject: Re: CVE Entry Quality Working Group
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
Date: Mon, 26 Nov 2018 15:19:26 +0000
Accept-language: en-US
Authentication-results: spf=fail (sender IP is 192.52.194.235) smtp.mailfrom=nist.gov; imc.mitre.org; dkim=pass (signature was verified) header.d=nist.gov;imc.mitre.org; dmarc=pass action=none header.from=nist.gov;
Authentication-results-original: spf=none (sender IP is ) smtp.mailfrom=david.waltermire@nist.gov;
Delivery-date: Mon Nov 26 16:32:03 2018
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TpserqHuNxqywI9Wq2BuapJnDx2TQ4o+H2QrWQthxQM=; b=WOpcGOI2I4+oaaxlI/vXHJZO5zS1FiWuFfCCO+D0FxVjUi0tdHJsh0zlMVvjeP/Io+rEgg4T6YakVS3M71cdqYWL80wWqOvDUPa7yPMO7A1YGkmUEkkH/TPi8OzCjc+tHEg4M34FBZEh/aHU8lXe77HooO6v8/UMEf7Y1wmB2YI=
In-reply-to: <BN7PR09MB280317250ACC15083F88CBB6A1D70@BN7PR09MB2803.namprd09.prod.outlook.com>
References: <BN7PR09MB280317250ACC15083F88CBB6A1D70@BN7PR09MB2803.namprd09.prod.outlook.com>
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99
Thread-index: AdSFk80ER/Rz1ChKSUmOOg+9/E0PHgAB55VV
Thread-topic: CVE Entry Quality Working Group

I think establishing this WG is a great idea. I'd be happy to participate.

Regards,
Dave

-------- Original Message --------
From: "Coffin, Chris" <ccoffin@mitre.org>
Date: Mon, November 26, 2018 9:32 AM -0500
To: CVE Editorial Board Discussion <cve-editorial-board-list@mitre.org>
Subject: CVE Entry Quality Working Group

Board Members,

The CVE team would like to judge your level of interest in establishing a CVE Entry Quality Working Group. The main focus of the group would be on improving the quality of CVE entry content. The output of the group would be best practices and guidelines on how to generate a CVE entry, and possibly propose changes to the CNA Rules.

Example issues the group could cover include:

Should the CVSS vector be allowed in a CVE Entry description?
What is the best way to describe relationships between products (e.g. Product A bundles Product B)?
If the only public data for two different vulnerabilities would result in an identical description, what should be done?

Would the Board be interested in establishing the CVE Entry Quality Working Group, and are any Board members interested in stepping up to be the chair? Please respond by Friday Nov 30.

The CVE Team

Follow-Ups:
- Re: CVE Entry Quality Working Group
  - From: "Landfield, Kent" <Kent_Landfield@McAfee.com>

References:
- CVE Entry Quality Working Group
  - From: "Coffin, Chris" <ccoffin@mitre.org>

Prev by Date: CVE Entry Quality Working Group
Next by Date: Re: CVE Entry Quality Working Group
Previous by thread: CVE Entry Quality Working Group
Next by thread: Re: CVE Entry Quality Working Group
Index(es):
- Date
- Thread