[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE Advancements

While I like the idea of a more general meeting I think we need to focus
on CVE initially.  After we have accomplished what we need to then I think
we will be in position to have a more generalized event around
Vulnerability Identification and Reporting and the associated tools,
databases and coordination activities.

Steve, I like the doodle poll idea. Can you set that up as you suggested?
I would include three weeks,  the weeks of March 28th - April 1st,  April
11th - 15th and April 18th - 22nd.

As suggested we should allocate 3 days to address the issues. Active CVE
Board members and the current CVE team should be the target participants.

The next thing we need to do is to start figuring out what an agenda would
be.  We all have a list of topics. It would be an interesting exercise for
folks to put together your individual list of the more critical items you
would like to see addressed.  This should include members of the CVE team.
 Then maybe, with a little correlation, we can arrive at a useful and
focused agenda.

Kent Landfield

On 1/5/16, 3:51 PM, "Eugene H. Spafford" <gene.spafford@gmail.com> wrote:

>Then that is two meetings — one CVE-specific, and one more generally for
>the topic area, if people want that.
>> On Jan 5, 2016, at 4:47 PM, Landfield, Kent B
>><kent.b.landfield@intel.com> wrote:
>> As long as the focus would be discussing and deciding CVE related issues
>> and talking about the path forward for CVE Š.  That was the real purpose
>> of my suggestion.  We need to address the short term problems while
>> planning for the long term future of CVE on a larger scale.  I¹d also
>> to have this be restricted to the Editorial Board since they are the
>> highly familiar with the existing problems and the requisite history.
>> Definitely don¹t want outsiders that needs educating. That cuts into the
>> time for discussions and solution development.
>> ---
>> Kent Landfield
>> +1.817.637.8026
>> On 1/5/16, 3:34 PM, "Eugene H. Spafford"
>> <owner-cve-editorial-board-list@lists.mitre.org on behalf of
>> gene.spafford@gmail.com> wrote:
>>> Let me note, from a historical perspective, that CERIAS hosted a
>>> on vulnerability databases here in January 1999.  The MITRE folks
>>> presented at that workshop, and decided to make their efforts public
>>>as a
>>> result.  The CVE was ³born² in a sense as a result of that meeting,
>>> although much of the work had been done prior.
>>> See 
>>> http://www.ieee-security.org/Cipher/ConfReports/1999/CR1999-WVDB99.html
>>> (I helped organize the first workshop, too, at NIST, as I recall.  It
>>> wasn¹t as well attended.)
>>> It might be worthwhile to have a follow-up workshop for not only the
>>> but some of the other players in the arena.  We could piggyback it on
>>> annual symposium here, in April, which might make it even more of
>>> interest for some people to attend.
>>> However, if I were to do that, I¹d want some definite buy-in from
>>> including some who would help with planning.  This is not necessarily
>>> same as a CVE editorial board meeting, which could be done in
>>> or separately with a workshop.
>>> ‹spaf

Page Last Updated or Reviewed: January 14, 2016