[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE Board Meeting Minutes - 2 November 2016

CVE Board Meeting

2 November 2016, 2:00 p.m. EST


The CVE Board met via teleconference on 2 November 2016.


Board members in attendance were:

Harold Booth (NIST)

Kent Landfield (Intel)

Art Manion (CERT-CC)

Kurt Seifried (Red Hat/DWF)

David Waltermire  (NIST)

Members of the MITRE CVE Team who attended the call are as follows:

Dan Adinolfi

Jon Baker

Chris Coffin

Christine Deal

Jonathan Evans

Anthony Singleton

George Theall





2:00 – 2:05: Introductions, action items from the last meeting – Chris Coffin

2:05 – 2:10: CVE Strategic Planning Working Group Update – Kent Landfield

2:10 – 2:40: DWF Update – Kurt Seifried

2:40 – 2:50: Automation Working Group - Kurt Seifried and Harold Booth

2:50 – 3:10: Board Membership - Daniel Adinolfi

3:10 – 3:40: CNA Summit Planning - Kent Landfield and Dave Waltermire

3:40 – 3:55: Open discussion – CVE Board

3:55 – 4:00: Action items, wrap-up – Chris Coffin 



The Board began by reviewing the action items from the 19 October Board meeting. MITRE shared the current draft of a CVE 101 slide deck. The deck is a starting point for developing presentations to educate the public about CVE.


Also, the Board acknowledged the receipt of a new JSON schema for use within DWF. The Automation Working Group reported that they have a brief written to summarize their plans (see below).


CVE Strategic Planning Working Group Update


The Strategic Planning Working Group did not meet since the last Board meeting. Researchers as CNAs is an issue that the WG would like to continue considering before any new researcher CNAs are on-boarded.


DWF Update


The DWF has been working on cleaning up recent submissions, having cleaned up approximately 90 entries at the time of the Board meeting. The DWF is considering how to communicate with disclosers using the DWF and if researchers should be sub-CNAs of the DWF. Most of the discussion about the DWF was tabled until the CNA Summit scheduled for the following week.


Automation Working Group


The Automation Working Group presented a brief on their agenda. The brief explained their purpose is to create a sharing model for CVE based on an open format. The WG plans to work within a small group and iterate on creating a workable format that will leverage existing work to the extent possible.


Board Membership

CVE received word that one member would like to nominate a new Board member before they themselves step down from the Board. The Board will follow the process described in the Board Charter and watch for the nomination.


CNA Summit Planning

The CNA Summit was discussed. Fifteen CNAs had responded that they would attend at the time of the Board meeting. The agenda had been posted and the event was highly anticipated.


Open discussion

JPCERT/CC will be asked if any of their staff would be interested in joining the CVE Board due to their experience and knowledge regarding CVE operations.


Action Items:

  • MITRE will create and populate an Automation Working Group mailing list.
  • The Board will offer feedback on NIST’s Vulnerability Description Ontology document.

The next Board Meeting will be held on November 16th.


Attachment: CVE_Board_Minutes_20161102.docx
Description: CVE_Board_Minutes_20161102.docx

Page Last Updated or Reviewed: November 21, 2016