
RE: Current standards/criteria for 'Undefined Behavior'



I spoke with Chris Coffin today about the minutes going out within 48 hours of the board meetings being held. We will meet this standard going forward.

Chris Levendis



From: Andy Balinsky (balinsky) <balinsky@cisco.com>
Date: Monday, Jul 10, 2017, 8:14 PM
To: Waltermire, David A. (Fed) <david.waltermire@nist.gov>
Cc: Coffin, Chris <ccoffin@mitre.org>, Landfield, Kent <Kent_Landfield@McAfee.com>, pmeunier@cerias.purdue.edu <pmeunier@cerias.purdue.edu>, Carsten Eiram <che@riskbasedsecurity.com>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Re: Current standards/criteria for 'Undefined Behavior'

I think that the clock (however many days it is) needs to start from publication of the minutes, just like the US Federal government uses X days from publication in the Federal Register for its comment periods. 

There have been occasions where the minutes have not come out in a timely fashion (3 May minutes released 31 May), and this would not be fair to other board members who were not on the call. It would provide both a consistent standard, and an incentive to get the minutes out on time. Any delays would impede finalization of any proposed decisions made in that meeting. 

Maybe we need an SLA for the publication of the minutes, too, like within 7 days of the meeting.

Andy

On Jul 10, 2017, at 10:27 AM, Waltermire, David A. (Fed) <david.waltermire@nist.gov> wrote:

Chris,

I think we want consensus (the lack of sustained objection) over
agreement.
Agreed.

If a new option is chosen on the call, a new discussion period will be started
to provide a means for the board to provide feedback.
The first time I read through your response, I took this as a way to extend the
decision indefinitely. However, I think what you are saying is that if the
decision is changed in a substantial way, we would want to have all board
members review the decision again as if it were a new decision entirely. I
think this makes sense and should be left as an option in cases where there is
sustained objection. However, what I think we want to avoid is the case
where a decision is held up by a single Board member indefinitely.

Sure. We want transparency, not bureaucratic deadlock. I was only concerned about the lack of transparency that could result from a new change.


Also, I would assume that two weeks starts from the time that minutes are
posted?
Kent had originally stated one week, and I extended this based on the board
call schedule since we would want to get consensus before or during the
next call. Assuming we get the meeting minutes out within the same week as
the call, I think this still gives about a week and a half for mailing list
discussion. Does a week and a half sound reasonable?

Why not set a minimum of 1 week and allow some flexibility to expand the period as needed for issues that will need more time?

Thanks,
Dave

Andy Balinsky (balinsky)
PSIRT Engineering




Page Last Updated or Reviewed: July 11, 2017