|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [CVEPRI] Challenge to Reach 1000 CVE Entries by October 16
All: As has been discussed in various Board meetings and teleconferences, the Board has been challenged to expand CVE to 1000 entries by September. Unfortunately, it is not likely that this goal will be achieved by the end of September. Board members have not been using the voting web as much as we had hoped, and due to internal delays related to creating the web site in the first place, it has not been possible to focus on the CVE-1000 until now. It was also expected that a series of legacy candidates would also be ready, but the CVE content team has not finished the submission refinement yet (although matching is complete for all 1999 problems). We are still planning on promoting this milestone at various conferences in late October, namely SANS and NISSC. We will have CVE booths at both locations and will be offering "souvenirs" of that accomplishment. So we have a new *hard* deadline for CVE entries - October 16. Since CVE is only presently at 815 entries, we run a significant risk of not achieving this milestone in time. However, with enough active participation by enough Board members, we can reach this goal - just like we did in September last year! Following is the plan for accomplishing this goal: 0) The Board voting web site has already been put in place so that all Board members can vote more quickly and easily. We did this earlier so that it would be easier for Board members to help reach the 1000. With the custom pages on the voting web site, each member is able to quickly see which items they haven't voted on, which items are the highest priority, etc. Email-based confirmation of votes from the web site will begin this week. 1) There are about 100 candidates that just need 1 more vote. They will be made available in ad hoc clusters on the voting web site, and proposed to the Board. Please actively review and vote on these candidates. 2) More than 100 new candidates will be proposed on Wednesday. 3) Vendor liaisons to the Editorial Board, whether formal or informal, will be identified and consulted in cases where there is not clear vendor acknowledgement. (CMEX statistics show that about 50% of the candidates don't have acknowledgement.) This in turn will provide some Board members with additional confidence to ACCEPT an entry, instead of performing a NOOP. Given the amount of time that vendor consultation will take, however, this approach may not produce many results in the short term. 4) With the new precedent-based approach to CD's as outlined in a previous email, older candidates will become available for acceptance as precedents are set. I will be conducting a review of those candidates and annotating them with the appropriate analysis. 5) Final modifications will be made to CD:VOTE, and an Interim Decision will be posted to the mailing list. Since this has been discussed extensively in previous Board meetings and summaries, it is not necessary to hold a vote on this CD. The main effect of this will be to allow MITRE's other Board members (Bill Hill and Dave Baker) to vote if the rest of the Board is not able to fully meet the challenge itself within the time constraints. 6) Each Board member who contributed their database during this summer will also receive a custom ballot based on the backmaps to existing CVE candidates. These backmaps still need to be generated, however, so those custom ballots will not be available for another week or so. - Steve
|
||||
