[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CNA Rules Revision Phase 2 - Week 1

To: Multiple recipients <LISTSERV@LISTS.MITRE.ORG>
Subject: CNA Rules Revision Phase 2 - Week 1
From: "Adinolfi, Daniel R" <dadinolfi@mitre.org>
Date: Mon, 7 Aug 2017 14:45:11 +0000
Accept-language: en-US
Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=mitre.org;
Delivery-date: Mon Aug 7 11:42:56 2017
List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
Sender: <owner-cve-editorial-board-list@lists.mitre.org>
Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
Spamdiagnosticoutput: 1:2
Thread-index: AQHTD4vF7+pU2awtRkq3vHe/aDTVog==
Thread-topic: CNA Rules Revision Phase 2 - Week 1
User-agent: Microsoft-MacOutlook/f.24.0.170702

Greetings,

We have begun the second phase of the 2017 CNA Rules Revision process.

You can see the schedule of what issues we will be discussing each week on the Wiki section of our GitHub site:

<https://github.com/CVEProject/docs/wiki/CNA-Rules-Revision-Schedule-2017>

with the issues listed in the Issue tracker:

<https://github.com/CVEProject/docs/issues>.

The document from which we are starting all discussion, CNA Rules 1.1, is here:

<http://cve.mitre.org/cve/cna/CNA_Rules_v1.1.pdf>

The section of the GitHub site where the rules suggestions were originally tracked is here:

<https://github.com/CVEProject/docs/tree/cna-documents/cna/CNA%20Rules/CNA%20Rules%20Development>

Each week, I will post a reminder to the CNA list of what issues we will be focusing on for that week.

Week 1

This week we will be discussing:

Week #1: August 7-13	Issue Number
Define hardware	43
Update definitions	17
Define when an entry should be marked as disputed versus rejected	25
Fix typo in 2.2.9	35
Use terminology as defined by RFC 2119 (MUST, SHOULD, MAY)	23
Remove "to the greatest level of detail available" from the Appendix B	48

You can add your thoughts or comments to the GitHub issue tracker directly. You can also discuss a particular issue on the cve-cna-list mailing list.

By the end of each week, the final language for any changes will be written. For any issues that are not resolved for that week, we will put a hold on those issues and move on to the next week's issues. The goal is to discuss the entire set of issues in the eight-week period of the review cycle. If there are outstanding issues at the end of the cycle, we can decide how to proceed as a group (including dropping the issue or setting a short deadline for resolving the issue after the review cycle).

Please let us know if you have any questions, and thank you in advance for your input into this process.

Thanks.

-Dan

_________________________

Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: <dadinolfi@mitre.org> Phone: 781-271-5774

Prev by Date: CVE Board Meeting Minutes - 24 May 2017
Next by Date: New CNA - Autodesk
Previous by thread: CVE Board Meeting Minutes - 24 May 2017
Next by thread: New CNA - Autodesk
Index(es):
- Date
- Thread