[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Proposed Working group and workshop



Plans are nothing, planning is everything.



Tom Millar, US-CERT

Sent from +1-202-631-1915
https://www.us-cert.gov
 

From: owner-cve-editorial-board-list@lists.mitre.org on behalf of Landfield, Kent B
Sent: Friday, August 26, 2016 7:03:50 PM
To: Art Manion; cve-editorial-board-list
Subject: Re: Proposed Working group and workshop

Art wrote:
Some caution here:  3-5 years out in internet time is, IMO, not predictable.  I do think we can pick some direction/priorities, and make some design choices that should enable flexibility when the future arrives, but I'm not a fan of putting lots of effort into a 5 year plan we'll have to throw away in <2 years.
   
I can’t agree more….

---
Kent Landfield
+1.817.637.8026


On 8/26/16, 12:52 PM, "Art Manion" <amanion@cert.org> wrote:

    On 2016-08-26 08:30, Landfield, Kent B wrote:
   
    > So what do we want CVE to look like in 3-5 years?  How do we plan on
    > getting there?
    >
    > On the Board call today I suggested we create a working group to try to
    > address some of those questions. This is a working group as identified
    > in the Charter. Instead of waiting weeks to get started, I suggested we
    > create the WG as an ad-hoc working group until the Charter is approved
    > and then we can ‘officially anoint’ it.
   
    Sign me up.  Does this WG include the full board yet :) ?
   
    On 2016-08-26 11:14, Williams, Ken wrote:
    > Comprehensive CVE coverage of ALL vulnerabilities is a worthwhile
    > goal to consider in such a WG.
   
    Agree.
   
    On 2016-08-26 12:02, Kurt Seifried wrote:
    > Stupid Question but why are we being so stingy with CVEs? We should
    > be handing them out like candy, and putting the "important" ones into
    > the database (and accepting well formed database submissions from
    > all).
   
    Agree.
   
    On 2016-08-26 08:30, Landfield, Kent B wrote:
    > So what do we want CVE to look like in 3-5 years?  How do we plan on
    > getting there?
   
    Some caution here:  3-5 years out in internet time is, IMO, not
    predictable.  I do think we can pick some direction/priorities, and make
    some design choices that should enable flexibility when the future
    arrives, but I'm not a fan of putting lots of effort into a 5 year plan
    we'll have to throw away in <2 years.
   
    Regards,
   
     - Art
   



Page Last Updated or Reviewed: August 29, 2016