[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Question on Mitre's activities with respect to CVE/guidance

So a quick summary of stuff I’ve seen on the board list in the last few months:

Regarding this email from September 24, 2015:


Julie will be putting out an email that will outline what we believe are the objectives for a Board refresh, including responsibilities, membership, and a number of other aspects that have been discussed. Julie will provide more details in her email, and we hope the Board will be very engaged as we seek your suggestions, feedback and comments to help us refresh, shape and formalize a number of aspects of the Editorial Board and its operation.

Tiffany will be engaging with the Board, and will email to described the objectives and plans for updating multiple aspects of the CNA relationship and functioning. Our aim is to improve both sides of the operation and reliability of CNAs, to have CNAs evolve to take on a larger role in the creation of CVEs, and to ultimately expand the number of CNAs.

Steve Boyle is taking responsibility for this area and will be following up with changes and plans. We are actively seeking additional comments, suggestions and feedback from the community to help us shape the process, feedback and utility of CVE ID requests.

December 11, 2015:
Tiffany Bergeron identified some issues they need to work on, no guidance or significant movement that occurred that I am aware of.

December 17, 2015:

Steve Boyle, identified some issues they need to work on, no guidance or significant movement that occurred that I am aware of.

Additionally since then there has also been a 3 day meeting proposed, I’m not sure if it has been scheduled/setup. 

I haven't seen any guidance/documentation issued, as far as I know no decisions have been made or implemented. Can Mitre maybe give us all an update on what's going on? Thanks.

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: March 07, 2016