[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVE ID syntax down-select complete - Public Feedback to begin

(removed the cve-assign email from the CC - the entire team can follow this list.)

It might be feasible to package up the raw responses we get on a periodic basis, and change the announcement to emphasize that responses would be seen by MITRE as well as Editorial Board members.

However, since some of the people providing feedback would be competitors of Board members, that might actually discourage important participants from sharing honest opinions for fear that their competitors will hear it.

- Steve



-----Original Message-----
From: Art Manion [mailto:amanion@cert.org] 
Sent: Friday, January 18, 2013 5:09 PM
To: Kent_Landfield@McAfee.com
Cc: Christey, Steven M.; Common Vulnerabilities & Exposures; cve-editorial-board-list
Subject: Re: CVE ID syntax down-select complete - Public Feedback to begin

On 2013-01-18 14:55 , Kent_Landfield@McAfee.com wrote:
> Glad to hear there is a targeted list. Any chance you could make that
> MITE-Only listeners and Board Members that request opt-in? The decision
> is important and the more raw opinions the better from my perspective.
>  Yes, I know what I would be getting myself into... Others may not be
> interested...

I'm also slightly interested in the raw opinions, but no big deal either
way for me.

> As for the press, I feel the sooner we get this in the press the better
> for all.  The press loves follow ups as it give them something to write
> about that they don't have to think up themselves. ;-) This really is an
> on-going story anyway and it could be useful in getting the attention of
> the public early instead of just deciding and telling industry.  If we
> want an accepted outcome that people start reacting to quickly, we need
> to start the buzz sooner rather than later. It gets on people's radar
> and more importantly, on product/project roadmaps so the modifications
> can be done, tested and field in time. 

Agree with Kent, but don't feel strongly about it.  You might want to
have some talking points in your pocket if the press does pick up the
story, even if CVE doesn't seek out press attention.  "Public comment,
ongoing process, board involved, considering various factors like cost
of adoption/conversion, longevity, usability, etc."

 - Art
Page Last Updated or Reviewed: October 03, 2014