[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[CVEPRI] Content Decision Adoption Process



All:

As mentioned in the past, a large number of candidates are being held
back by content decisions that have not been fully discussed by the
Editorial Board.  There are over 40 content decisions at this time.
Many content decisions (CD's) were proposed in summer 1999, but only a
few of them received sufficient review by the Editorial Board, as this
took place just before CVE was publicly released.  Additional
discussions took place at the AXENT meeting in March 2000.

As of this posting, almost 300 active candidates are affected by
unresolved content decisions.  That's almost half of all active
candidates.  50 candidates are documented in security advisories from
trusted organizations.  70 could be ACCEPTed right now if they were
not being held back by unresolved CD's, and another 100 are one more
vote away.

Of the most concern, however, is the fact that 170 of those candidates
have been active since before September 1999.  Almost 60 of them will
turn a year old in June!

Unresolved content decisions are a critical bottleneck at this time,
since they are holding back important candidates for serious problems
that should be official entries by now.  Past experience indicates
that some of these CD's could be debated for months, leaving
candidates languishing in the process.  On the other hand, I believe
it is important that the Editorial Board at least review these issues
so that the finalized content decisions are well thought out and
consistent.

With this in mind, I propose the following approach:

1) Several content decisions will be proposed to the Board per week,
   with the most critical ones first.  The [CD] tag will be used in
   the Subject lines.  Specific examples will be provided.  Affected
   candidates will be labeled in the voting record so that non-Board
   members can see why some year-old candidates are languishing.  The
   new Board voting site, when published, will list the associated
   CD's with the candidate.  CD's are already listed in vote
   summaries.

2) The Board will be given 1 month to review and discuss the CD's.
   This reduces the chance that vacations or deadlines prevent a Board
   member from reviewing the CD, but it also allows us to finalize
   them quickly and allow the associated candidates to move into
   Interim and Final Decisions.

3) CD's will be modified appropriately as the Board reaches consensus.
   Dissenting opinions will also be recorded.

4) After one month, MITRE will hold a vote to adopt the CD.  The
   voting period will last 2 week.  MITRE will then use the vote to
   guide its Final Decision (it is expected that very few CD's will
   receive unanimous approval).  A minimum of 5 votes will be
   required, and the majority of those votes will be deemed sufficient
   for adoption of the CD.  The completed CD will be published on the
   CVE web site so that interested individuals can obtain this
   information.  Dissenting opinions will also be included.

5) Affected candidates will be "released" and processed according to
   normal voting rules.


The first set of content decisions will be proposed next week.
Feedback on this process is welcome.

- Steve

 
Page Last Updated: May 22, 2007