[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

question re: old orgs nominating a new person


When did the precedent start that an existing org has the right to 
someone like this? Wasn't the board elected on PERSONAL merit all these 

Just because a person/org has been on the board for sixteen years, 
mean they provide any value.

To wit, I deeply respect Casper Dik, I always have. I corresponded with 
him frequently over a decade ago regarding Sun vulnerabilities, am a 
of his work, and know he has great insight into our industry. That 
in sixteen years, he has posted to the board list *twice* (compared to 
Landfield 68 times, Seifried 47 times, Scott 14 times... and two of 
have bee on the board for under two years). For whatever reason, Casper 
did not commit to the board and opt to provide his exceptional 
and insight to this endeavor over all those years, and as an industry, 
are worse for it.

Oracle, as a company, does not embody the goals and mindset of a CNA at 
all. They have explicitly *countered* many of the things we strive for, 
primarily around vulnerability clarity in tracking and abstraction, and 
continue to fight that to this day. As an organization, Oracle is not 
to be a CNA, despite it being terribly convenient for MITRE.

Remove Casper from the picture, which you just did, and Oracle is no 
different than any other random company that wishes to have a presence 
this board. In fact, they are actually LESS suited to than a newcomer 
may be more open to the industry goals CVE is designed for.

If there is some policy about existing CNAs automagically getting a 
on the board, please cite that public reference so I can kick myself 
not noticing and arguing it sooner.


On Fri, 29 Apr 2016, Sain, Joe wrote:

: Casper Dik of Oracle has left the Editorial Board. We are working 
with Oracle to determine whether they wish to nominate a candidate to 
assume Casper's seat on the Board.
: Casper Joined the Board in April 2000 as a senior staff engineer at 
Sun Microsystems. He was instrumental in the early days of CVE in 
selecting candidates, exploring how software vendors could use CVE to 
benefit their customers and the CVE community, and helping to lay the 
groundwork for the growth and acceptance of CVE. He participated in 
many Board meetings and was an active participant in Board discussions.
: Thank you, Casper, for your contributions over the years.
: The CVE Team

Page Last Updated or Reviewed: May 02, 2016