[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE Advancements

As long as the focus would be discussing and deciding CVE related issues
and talking about the path forward for CVE Š.  That was the real purpose
of my suggestion.  We need to address the short term problems while
planning for the long term future of CVE on a larger scale.  I'd also like
to have this be restricted to the Editorial Board since they are the ones
highly familiar with the existing problems and the requisite history.
Definitely don¹t want outsiders that needs educating. That cuts into the
time for discussions and solution development.
---
Kent Landfield
+1.817.637.8026




On 1/5/16, 3:34 PM, "Eugene H. Spafford"
<owner-cve-editorial-board-list@lists.mitre.org on behalf of
gene.spafford@gmail.com> wrote:

>Let me note, from a historical perspective, that CERIAS hosted a workshop
>on vulnerability databases here in January 1999.  The MITRE folks
>presented at that workshop, and decided to make their efforts public as a
>result.  The CVE was ³born² in a sense as a result of that meeting,
>although much of the work had been done prior.
>See
>http://www.ieee-security.org/Cipher/ConfReports/1999/CR1999-WVDB99.html
>
>(I helped organize the first workshop, too, at NIST, as I recall.  It
>wasn¹t as well attended.)
>
>It might be worthwhile to have a follow-up workshop for not only the CVE,
>but some of the other players in the arena.  We could piggyback it on our
>annual symposium here, in April, which might make it even more of
>interest for some people to attend.
>
>However, if I were to do that, I¹d want some definite buy-in from people,
>including some who would help with planning.  This is not necessarily the
>same as a CVE editorial board meeting, which could be done in conjunction
>or separately with a workshop.
>
>-spaf
Page Last Updated or Reviewed: January 05, 2016