Re: [BOARD] Status of CyberCrime treaty statement

["Andy Balinsky" <balinsky@cisco.com>]

I would advise against trying to become too political as an organization. We
have to consider what we are trying to accomplish with the CVE effort. Is it
to come up with a common language for discussing vulnerabilities, or is it
to act as a political organization of security researchers. My opinion is
that if the latter is a goal, that is probably best addressed through
another organization.
  Don't get me wrong. I think that making a statement on this treaty as a
valid technical opinion is fine, and I think that as security researchers we
probably have many common political concerns that the bureaucrats don't
understand. I also think that we should be vocal and organized when we speak
so that our voice counts. I'm just not sure if the CVE effort is the best
method, because it becomes uncomfortable for those on the board who just
want to get the cataloguing effort done.
  Regarding Mitre talking to DoJ, etc., I think it is Mitre's prerogative to
decide what content to allow and not allow on their servers. The CVE needs
to exist as an organization independent of Mitre. This is another reason to
separate the politics from the database. Then Mitre can continue to host the
technical side, and we can find somebody else who is willing to host
political activities.

Andy
----- Original Message -----
> The board as a group, I think, should consider if we want to create
> guidelines for speaking as a group in public in the future, and
> perhaps consider addressing the mission of the CVE in other ways.
>
> Adam
>