CVE Program Professional Code of Conduct


In the interest of fostering an open and welcoming environment, CVE Board members agree to make participation in the CVE Program, and directly related activities, a harassment-free experience for everyone involved with the program, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.

All individuals participating in the program, regardless of role (Board member, Secretariat, Top-Level Root, Root, CNA of Last Resort, CNA, Working Group chair, Working Group member) are expected to adhere to the Professional Code of Conduct. The Code of Conduct also applies to any individual serving in a role on a temporary basis, due to the unavailability of the assigned/primary individual.

Professional Code of Conduct

CVE Program participants are expected to:

Examples of inappropriate conduct include:

The Secretariat and the Board are responsible for development of the Code of Conduct, and updates or revisions.

Complaints

Any program participant may report a Code of Conduct complaint. The reporting participant must have directly observed, heard or read something thought to be a violation, and be able to provide details about the incident.

Complaints must be reported to the Secretariat (cve-prog-secretariat@mitre.org). The Secretariat must maintain the confidentiality of the reporter of an incident. The Secretariat will investigate complaints that provide enough detail to proceed. The investigation will result in a finding of either “no further action” or “verified.”

If the individual in question has repeated complaints, the Secretariat will bring this fact to the Board’s attention. The Board will then convene an Executive meeting (MITRE Board representative must attend) to review and discuss next steps. The Board and the Secretariat will decide on and execute the agreed-to next steps on a case-by-case basis; this may include removal of the individual and/or the individual’s organization from the CVE Program.


Page Last Updated or Reviewed: April 28, 2021