[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Automation WG Git Pilot

A quick meta point relative to your first question. It would be better to ask if anyone has any concerns with this approach? That way a lack of response is agreement with the way forward, vs lack of response being a lack of agreement.


I would like to see the Git pilot move forward with a new phase to explore policy-based acceptance of pull requests. I would also like to see multiple simultaneous commits from a CNA, MITRE, and other sources against the same issue to test out how this will work. For example, we are working towards being able to contribute back CVSS scores based on NVD analysis.





From: owner-cve-editorial-board-list@lists.mitre.org [mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of Coffin, Chris
Sent: Thursday, August 10, 2017 3:48 PM
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Cc: cve-cna-list <cve-cna-list@lists.mitre.org>
Subject: Automation WG Git Pilot




The Automation WG met on August 7 and discussed the current state of the Git pilot used by a handful of CNAs to share CVE details with the primary CNA (i.e., MITRE). The Git pilot was established with a limited timeframe that is due to end on August 21. All feedback received so far suggests that the pilot has been successful and that Git is very useful as a means for sharing CVE details. However, there is general consensus that more functionality should be implemented and more things need to be test before ending this pilot program. In other words, only the first phase of this pilot program has been completed.


MITRE suggests that the Git pilot be temporarily extended until such time that the WG defines a plan for the next phase. The next Automation WG meeting will include this agenda topic and will drive towards having a plan. MITRE or the Automation WG will report back by August 25 with the status of this plan.


Does the Board agree with this approach? Additionally, Do any Board members have any suggestions or thoughts on what the next phase plan should include?





Page Last Updated or Reviewed: August 11, 2017