[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE Board Meeting Minutes - 16 November 2016

CVE Board Meeting

16 November 2016, 2:00 p.m. EST


The CVE Board met via teleconference on 16 November 2016.


Board members in attendance were:

Andy Balinsky (Cisco)

Harold Booth (NIST)

Scott Lawler (LP3)

Art Manion (CERT-CC)

Kurt Seifried (Red Hat/DWF)

Members of the MITRE CVE Team who attended the call are as follows:

Dan Adinolfi

Tiffany Bergeron

Chris Coffin

Christine Deal

Jonathan Evans

Anthony Singleton

George Theall




2:00 – 2:05: Introductions, action items from the last meeting – Chris Coffin

2:05 – 2:10: CVE Strategic Planning Working Group Update – Kent Landfield

2:10 – 2:40: DWF Update – Kurt Seifried

2:40 – 3:00: Automation Working Group - Kurt Seifried and Harold Booth

3:00 – 3:30: CNA Summit review - Dan Adinolfi

3:30 – 3:55: Open discussion – CVE Board

3:55 – 4:00: Action items, wrap-up – Chris Coffin


The meeting began with a review of the action items from the previous Board meeting. The two action items were the creation of a mailing list for the Automation Working Group, which was created, and a list of action items from the CNA Summit, which is under development.


CVE Strategic Planning Working Group Update


The Strategic Planning Working Group met informally at the CNA Summit, but no new business was discussed. The next meeting is scheduled for the week of November 21.


DWF Update


The DWF is continuing to work through their requests and improve the processing of those requests. The team is working on methods for validating request data in a more automated fashion.


The idea of the creation of a mentor program within DWF was also discussed. This program would connect those new to CVE assignment with more experienced mentors associated with the DWF and CVE. The details of such a program are still under development, but there was interest in the idea.


Automation Working Group


The Automation Working Group update included a continuation of the discussion concerning the need for data validation for CVE submissions. Also, a mailing list (cve-board-auto-list@lists.mitre.org) has been established for the Working Group, and the list will be populated by those interested in participating.


CNA Summit Review


The CNA Summit (8-9 November 2016 at the NCCoE facility in Gaithersburg, MD) was well attended, with approximately 25 attendees in person and 5 attendees online. Using presentations as starting points, there was a great deal of discussion among the CNAs regarding CVE theory and practice. A list of action items coming out of the meeting will be shared with the community. One of those action items is to hold another CNA Summit in 6-8 months to continue promoting collaboration across the CNA community.


Open discussion

  • CNA list issue with implementing new CNA rules based on Independently fixable and protocol level issues.


Action Items:

  • Share action items coming out of the CNA Summit.
  • Check to see if CVE can have a meeting during RSA conference.
  • Query the CNA and Board mailing lists asking who would like to participate in the new Automation Working Group.

The next Board Meeting will be held on November 30th.


Attachment: CVE Board Meeting_11_16.docx
Description: CVE Board Meeting_11_16.docx

Page Last Updated or Reviewed: December 09, 2016