CNA Rules Revision - Final Draft

Greetings,

After three months of collecting the community's feedback, ideas, and suggestions, we have updated the CNA Rules.

Thank you to everyone who shared their time and energy to help improve CVE and the CNA Program!

The final draft is included with this message, along with a list of outstanding issues from the revision process.

CNA Rules v2.0week8.docx is the final draft revision for this year's revision process. (This file is also located at <https://github.com/CVEProject/docs/blob/cna-documents/cna/CNA%20Rules/CNA%20Rules%20Development/CNA%20Rules%20v2.0week8.docx>.) The final version of the CNA Rules v2.0 document will be posted on the CVE Website by October 13, 2017, and they will be in effect as of January 1, 2018.

OutstandingIssues.docx is a list of the open issues found in the CVE GitHub Issue Tracker: <https://github.com/CVEProject/docs/issues>. This document includes a brief description of the current state of each open issue.

The outstanding issues will remain open to allow the community to continue their discussions on those issues. If an issue finds resolution before the next CNA Rules revision cycle (starting July 2018), the CVE Board can recommend an out-of-band update to the CNA Rules if they deem it necessary.

If you have any questions about the updates, please let me know. If you have additional thoughts about the open issues, please share them on the GitHub Issue Tracker.

Thanks.

-Dan

_________________________

Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Numbering Authority (CNA) Coordinator

Email: <dadinolfi@mitre.org>  Phone: 781-271-5774