Review of vendor mappings at next week's CVE Review Meeting
For those vendors who will be attending next week's CVE Review
meeting, I would like to have a side meeting with each vendor
separately in order to review the mapping from your tool to the CVE.
You will not be provided with the raw data, but I will give you a
demo. I did this at last week's Review with Adam Shostack, and I
believe it was very productive to see the CVE "in action" and see some
of the implications.
To reduce the disruption of the one-on-one meetings on the remainder
of the review meeting, I will schedule these meetings during the lunch
hour, or very late in the day. I believe that ISS and L-3 will be at
this Review meeting. If other vendors expect to be there, then if you
haven't provided me with tool data, I would need it no later than next
Monday in order to create a mapping in time for the meeting.
Dave and I will present a finalized agenda early next week. We will
also present the discussion points to the rest of the Board at that