CVE Board Meeting Agenda - November 28, 2018

["Coffin, Chris" <ccoffin@mitre.org>]

Agenda

2:00 – 2:15: Introductions, action items from the last meeting

• Previous Action Item: The MITRE CVE team will discuss with their lawyers the impact of GDPR on the CVE project
  • Status: In process
• Previous Action Item: MITRE to work with Microsoft on starting the automated submission process (similar to IBM’s) and document that process
  • Status: Will begin once Microsoft is ready. Targeting December patch Tuesday based on prior discussion
• Previous Action Item: Dave Waltermire to set up a conference call to get feedback on the Vulntology
  • Status: Vulntology Google Group established; Doodle Poll on concall sent (7 responses).
• Previous Action Item: MITRE (Chris C/Jonathan) to send out an email to the Board list to initiate the CNA Rules revision process.
  • Status: In process. We have assembled a list of items and will perform internal review before sending to the Board in Dec
• Previous Action Item: MITRE to draft CNA Rules regarding EOL Scoping issue and Note Field in JSON
  • Status: In process. This will be included in the CNA Rules revision list
• Previous Action Item: MITRE(Jonathan/Joe) will draft up clarifications to CNA rules on the RBP rules and send to the Board for review.
  • Status: In process. This will be included in the CNA Rules revision list
• Previous Action Item: Send out note to Board on CVE Quality WG (MITRE)
  • Status: Done. The new WG will be established and the initial meeting will take place in early Dec

 

2:15 – 2:30: Working Groups

• Strategic Planning – Kent Landfield/Chris Coffin
• Automation – Chris Johnson
• Cloud Security Alliance – Kurt Seifried

 

2:30 – 2:45: CNA Update

• DWF – Kurt Seifried 
• MITRE – Jonathan Evans
• JPCERT – Taki Uchiyama

 

2:45 –3:15: CVE Team Web Scraping – Chris Coffin

3:15 – 3:50: Open Discussion – Board

3:50 – 4:00: Action items, wrap-up