[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Documentation tree

for me it's be CVE yes/no and split/merge, in other words the basic training needed to create CVEs that are generally correct. If people get that stuff right it will significantly reduce our workload.

On Tue, Feb 7, 2017 at 3:04 PM, Adinolfi, Daniel R <dadinolfi@mitre.org> wrote:

Most of the documents do not yet exist, but there are some in either draft or published form. Those in "quotes" exist, and the words in quotes are the titles.


Would anyone like to take a stab at prioritization of the documents? We discussed doing this at the last Board meeting.






From: Kurt Seifried <kseifried@redhat.com>
Date: Tuesday, January 24, 2017 at 22:06
To: "Landfield, Kent B" <kent.b.landfield@intel.com>
Cc: "Adinolfi, Daniel R" <dadinolfi@mitre.org>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Re: Documentation tree


Seems comprehensive, do the docs exist yet, or?


On Tue, Jan 24, 2017 at 4:01 PM, Landfield, Kent B <kent.b.landfield@intel.com> wrote:

This might be a good Board meeting presentation and discussion.  Rather have the opportunity to better understand this format and process before I comment further.



Kent Landfield



From: <owner-cve-editorial-board-list@lists.mitre.org> on behalf of "Adinolfi, Daniel R" <dadinolfi@mitre.org>
Date: Tuesday, January 24, 2017 at 3:48 PM
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Documentation tree




MITRE would like the Board's feedback on our plan for providing documentation needed to support the CNA program. These documents are for the public and CNAs. They describe CVE and the CNA program and offer guidance regarding CNA operations.


Attached is an outline of a documentation tree. This tree shows the relationships between different documents. It also has brief descriptions of each document. This is an early draft of this documentation tree, and we will improve the appearance and clarity of the tree for public consumption. We are sharing this version with the Board to being the process of collecting your feedback.


Is there documentation that you feel is missing?


What are the top 3 documents based on priority, in your opinion?


Based on your feedback, we will develop a schedule for completing the initial versions of these documents. For each document, we will share an outline with the appropriate group for their discussion over a week. Once a draft is ready for review, that review period will be two weeks, and we will then have the final draft completed within two weeks of that. When the draft is finalized, it will be submitted to the Board for approval.


The Board will review general CVE documents themselves over the Board mailing list.


Documents that directly affect CNA operations will be reviewed on the cve-cna-list mailing list.


Documents that are related to automation will be reviewed on the Automation Working Group mailing list.


MITRE will maintain the document masters and act as editor. These masters will be maintained in GitHub.


Please let us know if you agree with this process. Our goal is to complete a number of documents over the next few months and bolster the CNA program and CVE in general.


Thank you.




Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: <dadinolfi@mitre.org>  Phone: 781-271-5774






Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 


Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: February 08, 2017