[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE ID Syntax Change - 2nd Round Voting - Procedures and Timeline (starts May 8, 2013)

Folks,

As promised, we wish to reprise the voting procedures from the first round vote, modified slightly for the second round of voting.

As before, this email will be posted on the CVE web site and other locations to ensure we don't miss any Board members due to outdated contact info, etc. If 

you are a CVE Editorial Board member and did not read this email on the cve-editorial-board list, please contact us immediately so we can update your contact 

info.

The timeline for the second round of voting is as follows (all dates and times are US EDT):
	- Tuesday, 7 May 2013, 11:59 PM - Second discussion period closes
	- Wednesday, 8 May 2013, 12:01 AM - Second official voting period begins
	- Wednesday, 22 May 2013, 11:59 PM - Second official voting period ends

Incorporating comments received and based on further discussion, we will conduct the second round of voting much the same as the first round, with the 

obvious change that there will only be two options to vote on. More information about the major points follows the list.

1. The voting process should be completely open and public, and will be posted and archived on the CVE web site. 
2. Voters must list a first and second choice and clearly indicate which option is the first choice and which is the second.
3. All votes must include a short write up of the reason(s) for supporting or not supporting each of the two options.
4. Only votes received by the mailing list before midnight US EDT on Wednesday, May 22, 2013 will be counted.
5. Only one vote per organization will be accepted, regardless of how many eligible voting members are in a specific organization.
6. If more than one Board member from the same organization votes, only the first vote received will be counted.
7. Some Board members are excluded from the vote for other reasons - details are in the list of Board members (below).
8. No changes to a vote will be accepted; no reclama.
9. At least a simple majority of the eligible Editorial Board members is required for the overall vote to be declared valid.
10. At least a simple majority of the votes cast is required for either option to be selected.


1. Open voting process
------------------------------
All votes and comments will be sent to the Editorial Board list and will be copied to the CVE web site.


2. Voters must list a first and second choice
----------------------------------------------------------
Each voting member is again asked to indicate a first and second choice (including a comment for each, see #3) and clearly indicate which option is their 

first choice and which is their second choice.


3. Reason(s) for or against each option
--------------------------------------------------
A short write up or comment for/against each option is required as part of the vote, i.e., for both options. This was requested by Board members, and will 

capture both the votes and reasons for the votes for the archive.


4. Only votes with a timestamp before midnight US EDT on Wednesday, May 22, 2013 .
-----------------------------------------------------------------------
If a vote is received at or later than 00:00:00 US EDT Thursday, May 23, 2013 it will not be counted. If a member wants to ensure that their vote will be 

counted, they need to take into account the many kinds of delays that may occur between hitting "send" and receipt. The only exception to this condition will 

be if the mailing list is unavailable.


5., 6.  Only one vote per organization; first vote counts
-----------------------------------------------------------------------
Board members from the same organization should coordinate their organization's vote. In the event of duplicate submissions from the same organization, only 

the first vote received will be accepted.


7. Some Board members are excluded from the vote for other reasons
--------------------------------------------------------------------------------------------
Other conditions or circumstance may obviate a Board member's vote. These cases are noted (below).


8. No changes to a second-round vote will be accepted once a vote has been cast.
-----------------------------------------------------
Each Board member may vote in this second round as they see fit, irrespective of their first round vote. Your first vote cast in the second round is the only 

vote that counts. 

9. At least a simple majority of the eligible Editorial Board members is required for the overall vote to be declared valid.
-------------------------------------------------------------------------------------------------------------------------------------------------------------
The overall vote will not be accepted as valid unless at least a simple majority of the eligible Board Members votes. As of this email, we believe there are 

23 CVE Editorial Board members/organizations that are eligible to vote (list below), which means there must be at least 12 votes cast in total for the 

overall vote to be declared valid. Please note that this is 12 votes *total*, not 12 votes for a specific option.


10. At least a simple majority of the votes cast is required for any option to be selected.
------------------------------------------------------------------------------------------------------------------
Please take careful note of this statement. Although a simple majority of the eligible Board members must cast a vote for the overall vote to be declared 

valid, only a simple majority *of_the_valid_votes_cast* is required for an option to be selected. Please note that this means that if, for example, only a 

total of 12 votes are received, it will only require 7 votes for either option to be selected.


********************************************************

Current CVE Editorial Board Members eligible to vote

If you believe you are eligible to vote and are not listed below, please contact us immediately at cve@mitre.org.

Name                                                                    Org
--------------------------------------------------------------
Ken Williams                                                      	CA
Andy Balinsky                                                   		Cisco
Ken Armstrong                                                 	EWA-Canada
Bill Wall                                                                 	Harris STAT
Jimmy Alderson or Troy Bollinger              	IBM
Tim Collins                                                           	Independent
Al Huger                                                               	Independent
Tim Keanini                                                        		Independent
Scott Lawler                                                       	Lightspeed
Kent Landfield                                                   	McAfee
Adam Shostack                                                 	Microsoft
Steve Christey                                                   	 MITRE
Harold Booth or Peter Mell                               	NIST
Russ Cooper                                                        	NTBugtraq
Brian Martin                                                       	OSVDB
Pascal Meunier or Gene Spafford                      	 Purdue
Mark Cox                                                             	Red Hat
Carsten Eiram                                                     	Risk Based Security
Alan Paller                                                          		SANS
Casper Dik                                                            	Oracle (Sun)
Mike Prosser                                                        	Symantec
Matt Bishop                                                          	UC Davis
Art Manion                                                           	US-CERT

Other Board members who are listed on the CVE web page but are not eligible to vote include other MITRE staff (Steve Christey holds the official MITRE vote); 

Tom Stracener is excluded (although he is Independent) because he is currently on contract with MITRE.

Please let us know immediately of any thoughts, comments or concerns.

We deeply appreciate the involvement and participation of the Editorial Board  throughout the discussion and voting of this important change for CVE and in 

the upcoming vote.

Best Regards,
The MITRE CVE Team
Page Last Updated or Reviewed: October 03, 2014