[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[TECH] New Voting Support Enhancements for Board Members


In the never-ending quest to make it easier for Board members to vote,
the following enhancements have been made.  Note that online voting
via web site is planned for the long term, but it is presently a lower
priority than some other activities.  Until then, other measures will
be taken, such as the ones I've outlined below.

Use of URLs for References in Candidates

When accessible, references with URLs will be included with
candidates.  This should make it easier for Board members to more
quickly access references, especially for mailing list messages.  The
generalized references used by CVE, i.e. SOURCE:ID, are often
extremely useful for speedy visual correlation of data when looking up
a specific vulnerability, and they reduce the amount of maintenance
for links.

However, generalized references are not convenient for some kinds of
voting activities, where the voter may want to directly consult the
reference before voting.  Future candidates will therefore include
URLs whenever possible.  These URLs will be stripped and/or converted
into generalized references when the candidate is ACCEPTed and
converted into an official entry.  Thanks to Kevin Ziese for
suggesting that we incorporate references directly into ballots.  This
is a bit smaller scale than his idea, but it's a start ;-)

Customized, Prioritized Voting Ballots

With the large number of candidates and clusters to deal with, it can
be difficult for a Board member to prioritize which problems to tackle
first.  Some members prefer to work on an entire cluster all at once,
but the size of the clusters makes this more difficult.  Members with
specialized knowledge may find it difficult to wade through clusters
to find the problems that they can vote on.  "High-priority" problems
can also get lost in the mix, and may take longer than they "should."
For example, most candidates that are confirmed by a Microsoft or Sun
advisory should be approved within two or three weeks of the initial
proposal, but that does not always happen, especially in recent

To address this, customized voting ballots will be made available to
each Board member.  They only identify the issues that the member
hasn't voted on yet.  All the ballots are packaged and made accessible
by a single HTML document.  Each cluster has a separate entry.  Within
each cluster, the ballots are further broken down by OS family
(NT/Unix/Misc) and a rough notion of "priority" with respect to votes.
For example, candidates that are associated with advisories get a
higher priority (and a separate ballot) than candidates where there is
a posting to a mailing list, but no confirmation by a vendor.  Thus
each individual ballot may identify a more manageable set of
candidates to vote on.

Because CVE isn't supported by a database, the division by OS and
priority are not necessarily completely accurate.  However, this is a
reasonable first effort.  If successful, it may form the basis of a
web-based voting package.

A sample voting ballot will be posted in the next email.  Please
review it and let me know what you think and, while you're at it, toss
in a few votes ;-)

- Steve

Page Last Updated or Reviewed: May 22, 2007