[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE Pilot Approach

Yesterday, we described to you a plan to test a pilot approach that addresses the rapid-response security researcher use case. A number of concerns with the proposed syntax were raised, and we heard them clearly. As a result of your feedback, we will not move forward with a public announcement of the pilot plan, which we are putting on indefinite hold.


The pilot described yesterday was designed to run in parallel and to be completely separate from the production CVE stream, but we certainly understand the importance of not perturbing any operating aspect of CVE. Our goal is to be responsive to the critical need for the no-description use case, but we must also ensure that we have the correct operating model.


We would like to hold an Editorial Board meeting next week to discuss approaches to addressing the security researcher use case as well as any other issues or concerns that the Board may have. We want to be certain that every Board member has the opportunity to voice their opinions, concerns, and ideas. An agenda will be forthcoming.


We truly appreciate your feedback, and we are looking forward to developing an operating model that enables CVE to move forward and that preserves the foundational work that the community has put into the effort.




Joe Sain

CVE Communications and Adoption Lead

The MITRE Corporation


Page Last Updated or Reviewed: March 21, 2016