[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


During the Board meeting at RSA, we discussed scheduling a face-to-face meeting with the Board to discuss options and plans for the future of CVE. In our email of 4 June (below), we proposed holding the meeting the week of 20 July and asked the Board for some feedback on a couple of questions. Other than Kents response on 16 June and an off-list offer of a possible meeting space, there has been no response from other Board members. This causes us to believe that other Board members are too busy at this time to discuss the details necessary to arrange a face-to-face meeting, or that it is full summer and people are otherwise occupied.


As a result, we are going to reschedule the planned CVE Futures meeting until after Black Hat. We will post a Doodle poll for some dates in August and early September and ask everyone to please read and respond, either by selecting possible dates or by proposing alternative dates. We agree with the Board that this is an important meeting for us to have, and we want to make sure that we maximize participation.


Please let us know your thoughts and comments, preferably by email to this list.


Best Regards,



From: <Boyle>, "Stephen V." <sboyle@mitre.org>
Date: Thursday, June 4, 2015 at 9:59 AM
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Cc: "Boyle, Stephen V." <sboyle@mitre.org>
Subject: RE: CVE Futures Event


Hi Kent,


I apologize for the delay in response. We held off until after we had a meeting with SEI/CERT-CC, NIST NVD, and US-CERT during which some of the applicable topics were discussed. As a side note, anything affected by those discussions is reflected in our response below. Although, to be honest, I dont believe anything we talked about impacted anything we discussed during the Board meeting. Ill depend on CERT-CC and NIST NVD people to correct me if needed.


To your questions. In rough order:


- The CVE Governance Final Drafts will be published soon. ;-)  Seriously, we expect them back to the Board for final review and comments before the end of June.


- Our recollection of the mid-summer discussion was somewhat different. We understood that MITRE had been tasked to write up an initial thoughts (possibly even design) relating to a federated scheme for managing vulnerability IDs. Subsequent to delivery of that draft, we would have a workshop-style Board meeting of up to several days, during which the Federated Vulnerability ID scheme draft would be discussed and refined. That meeting was penciled in as mid-July to avoid summertime conflicts. Details such as who would host, exact dates, etc. werent discussed during the Board meeting at RSA.


- Despite having noted our impression as being different than what you came away with, were all for expanding the purpose of the meeting to dig deeper into the topics you listed.


- We are all for getting going on the planning for the meeting, and agree that a timed agenda should be discussed and developed.



To move this forward, we have some questions and need some information from the Board membership:


- Does anyone want to volunteer to host the mid-summer meeting? Having just looked at our online meeting space system, I can say that securing MITRE meeting space is essentially impossible, both in Bedford and McLean.


- How many Board members hope to attend in person? I think that the nature of a workshop means there will be substantial white-boarding, which could make full participation from remote locations difficult. We are completely open to suggestions and assistance from the Board for proposals and/or alternatives.


- For starters, shall we posit the week of July 20th? Depending on travel needs and so forth, we could plan for three full days of meetings and still have Monday and Friday (or Thursday evening) as travel days. (As a reminder, Black Hat begins August 1st, so that would give people a week in between.) We could use a Doodle poll to pick dates and finalize.


Please let us know your thoughts re: the above.


Best Regards,



Page Last Updated or Reviewed: September 01, 2015