[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Notice of Pilot Activity in CVE Auto WG

Per discussion on the last board call it has been requested that all WGs send a brief notice to the board to both inform the board and provide an opportunity for the board to give input on any pilots.


The CVE Automation Working Group is proposing to run a pilot using a private MITRE-hosted GIT repository to investigate the requirements surrounding the automation of updating and retrieving the CVE JSON data. We hope to learn not only what features are necessary to support the “plumbing” of sending and receiving the data, but also what attributes and metadata are needed in the CVE format to support automation. Participants will be MITRE and members of the CVE Auto WG with the goal for participants to update their CVEs using the format in the GIT repo and for participants to update and receive updated information through the GIT repo. Participants will be the only ones with access to the GIT repository. All participants should understand that this is only a pilot and as such there is no guarantee that any eventual solution will look anything like the pilot. Initial proposed pilot is planned to run no later than through August 21st and if we need to extend the pilot we will come back to the board to request an extension.


Unless there are any sustained objections the pilot will start in earnest on May 15th (the next CVE auto WG call).


Page Last Updated or Reviewed: May 09, 2017