[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: MS-Word versions of draft Editorial Board governance documents [Was: Two draft Editorial Board governance documents for review and comment]

Here are some of my thoughts on the two proposed documents.

Adding and Removing CVE Editorial Board Members
-----------------------------------------------------------------

- Section 4 - Regarding the "lack of collegiality or professional conduct" phrasing - would it be overkill to formalize a Code of Conduct?  Since some prominent security or developer conferences, and even the combative Linux kernel team, are beginning to adopt codes of conduct, it might be useful for the CVE Editorial Board to demonstrate industry leadership by doing the same.

- Section 4 "Process for Removing Board Members" - since we've never removed anybody, this is brand new territory.  The proposed document does not list any role for the Editorial Board in the removal.  In cases when a member leaves or otherwise disappears, it makes sense to me for MITRE to simply handle it themselves.  But what about less well-defined situations, such as what constitutes "lack of participation" (which Art's already touched on) or "lack of collegiality or professional conduct?"  Would it make sense to involve the Board in such less well-defined situations?  We could possibly follow an approach that's similar to nominating and adding new members, with MITRE suggesting the "prospect for removal" to the private list, allowing a period of time for feedback, then making the final decision and, if removal is needed, documenting it to the list.

- Section 4: "works in vulnerability-related field" should probably be "works in a vulnerability-related field."

- Section 2 mentions "Editorial Board Review" but that's the only time the term is used.  Section 3 is titled "Editorial Board Feedback."


Member Roles, Tasks, and Qualifications
-----------------------------------------------------

I have some general thoughts on this topic.

- We give very specific information on the number of hours that members are expected to invest into Board activities, but it's not clear to me whether those time commitments really match what the Board activity involves.  Would it be reasonable to modify the text in some way that de-emphasizes or removes this specific time requirements?  (But if we did, I think we'd still need to have some idea of time requirements so that prospective members knew how much work they'd need to "budget."

- CVE Editorial Board Roles for MITRE: I suggest that we change the phrasing from a person-oriented "Moderator" to something like a "Board Moderation" role.  That would reflect the fact that for many years, moderation "duties" have been shared by multiple MITRE team members.  Related, it's not clear to me whether it makes sense to continue to have any individual person listed as a named "moderator" for the Board any more.



- Steve
Page Last Updated or Reviewed: April 14, 2015