[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Review of vendor mappings at next week's CVE Review Meeting



For those vendors who will be attending next week's CVE Review
meeting, I would like to have a side meeting with each vendor
separately in order to review the mapping from your tool to the CVE.
You will not be provided with the raw data, but I will give you a
demo.  I did this at last week's Review with Adam Shostack, and I
believe it was very productive to see the CVE "in action" and see some
of the implications.

To reduce the disruption of the one-on-one meetings on the remainder
of the review meeting, I will schedule these meetings during the lunch
hour, or very late in the day.  I believe that ISS and L-3 will be at
this Review meeting.  If other vendors expect to be there, then if you
haven't provided me with tool data, I would need it no later than next
Monday in order to create a mapping in time for the meeting.

Dave and I will present a finalized agenda early next week.  We will
also present the discussion points to the rest of the Board at that
time.

- Steve

Page Last Updated or Reviewed: May 22, 2007