[BOARD] Mark Cox has joined the Editorial Board
Mark Cox of Red Hat Linux has joined the CVE Editorial Board as a
liaison. His primary task will be advocating CVE within the Linux
community, possibly as a Candidate Numbering Authority (CNA).
Mark has basically acted as a liaison since November 2001, when he
began reserving CVE candidates for Red Hat Linux security advisories,
as well as the Apache and OpenSSL projects, to which he contributes.
He has also been encouraging other Linux vendors to participate, which
has led to the inclusion of candidate numbers in other advisories.
His "Chinese Whisper" article on linuxworld.com gave a concrete
demonstration for the benefits of using CVE names to correlate
different advisories and descriptions for the same issue. A resident
of Scotland, his presence further enhances the international scope of
the Editorial Board. As a representative of Red Hat, he is the first
Editorial Board rep from a major open source vendor. Finally, as a
vendor rep with ties to many Linux vendors, he may be able to help
form another Candidate Numbering Authority (CNA) and provide insights
into some of the thornier issues that will face CNAs, such as the
problem of coordinating the same candidate number across multiple
Mark's bio follows:
Mark Cox is Senior Director of Engineering at Red Hat. He has
developed a number of free and open-source software products for
more than 9 years; being a founding member of both the OpenSSL group
and the Mozilla Crypto Group, a core Apache developer since 1995,
and the editor of Apache Week.
Mark is the author of a number of papers and presentations given at
security, web, and Apache conferences world-wide. His current role
involves working with the Red Hat security team and he is working to
advocate the role of CVE amongst Linux distribution vendors.
Welcome aboard, Mark!