FYI - Continuation of "Future of Global Vulnerability Reporting" discussion

DHS will be hosting a follow-on discussion to their ITSAC “Future of Global Vulnerability Reporting” workshop at the upcoming Software Assurance Working Group (SWAWG) meeting on Monday, 28 November, to be held at MITRE’s McLean, VA facility. (See: https://buildsecurityin.us-cert.gov/bsi/events/1292-BSI.html)

As before, this is a US Government-led discussion which will obviously not include the whole vulnerability reporting community. MITRE will be in attendance and participating in the discussion, and we will publish our notes and thoughts to the CVE Editorial Board List as before. Given that the SWAWG is open to the public, we thought it would be worthwhile to let others on the Editorial Board know of this discussion and an opportunity to participate if you so wish.

Per the DHS SWAWG agenda, the description of this workshop session is as follows:

“Workshop on the Future of Global Vulnerability Identification and Reporting – 10:00 AM Start Time

- Facilitators: Richard Struse, DHS; Thomas Millar, DHS

This workshop is a continuation of the discussion on the “Future of Global Vulnerability Reporting” that was held at the IT Security Automation Conference in October. Building on the issues and use cases identified previously, this workshop will focus on the concept and development of use cases for early-response kinds of vulnerability identifiers. We expect to develop use cases for discussion by the group, and will employ scenarios to help in the discussion.”

We continue to encourage any and all Board members who participate in these kinds of discussion or who have any thoughts on the topics to share them with the list.

Best Regards,

The MITRE CVE Team