[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Agenda for CVE Board Meeting Wednesday, 15 November 2017

To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: RE: Agenda for CVE Board Meeting Wednesday, 15 November 2017
From: "Coffin, Chris" <ccoffin@mitre.org>
Date: Wed, 15 Nov 2017 14:12:44 +0000
Accept-language: en-US
Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=mitre.org;
Delivery-date: Wed Nov 15 11:06:18 2017
In-reply-to: <CY4PR09MB14959ACE05638F0FFBD1E464F0290@CY4PR09MB1495.namprd09.prod.outlook.com>
List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
References: <DM5PR09MB1164A57009F7CC7D275E262AB1280@DM5PR09MB1164.namprd09.prod.outlook.com>,<MWHPR09MB14566C5E6F01CE19610BB9E2A1280@MWHPR09MB1456.namprd09.prod.outlook.com> <CY4PR09MB14959ACE05638F0FFBD1E464F0290@CY4PR09MB1495.namprd09.prod.outlook.com>
Sender: <owner-cve-editorial-board-list@lists.mitre.org>
Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
Spamdiagnosticoutput: 1:2
Thread-index: AdNdiowP0UcX6Vt5TRmdTBADsXeIEgAAfyuAAAoz/O8AGXx0gA==
Thread-topic: Agenda for CVE Board Meeting Wednesday, 15 November 2017

Dave,

Thanks for the update. My apologies for the misrepresentation of the quality issue action item, and what you have proposed sounds reasonable. As for the feedback mechanism, we plan to talk about using Handshake issue tracking for this in today’s call.

Regards,

Chris

From: Waltermire, David A. (Fed) [mailto:david.waltermire@nist.gov]
Sent: Tuesday, November 14, 2017 8:08 PM
To: Coffin, Chris <ccoffin@mitre.org>; cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017

I will likely not be able to make this call due to travel. As a result here is a quick status on my action items.

Due to travel, I haven't made as much progress on reviewing the CNA rules as I had hoped. I do plan to complete this review soon and will send comments to the list once I have completed this work.

Regarding developing a list of CNAs that have quality issues, I never intended to do this. Instead, I suggested that I would work with the NVD team to identify and raise issues with the board as issues are found. I will do this on an ongoing basis to highlight quality issues that affect down stream use of CVE information. It might be worth identifying a more robust mechanism for others to identify similar issues to allow for a more robust feedback mechanism. This may be worth discussing on a board call at some point.

Regards,

Dave

From: owner-cve-editorial-board-list@lists.mitre.org <owner-cve-editorial-board-list@lists.mitre.org> on behalf of Coffin, Chris <ccoffin@mitre.org>
Sent: Wednesday, November 15, 2017 5:08:16 AM
To: cve-editorial-board-list
Subject: RE: Agenda for CVE Board Meeting Wednesday, 15 November 2017

Summary of Action Items from the Nov 1 Board Meeting

Dave Waltermire volunteered to review current CNA rules for required items and flexible items.
MITRE will schedule a Board meeting that will include the representatives from Github.
MITRE will start a discussion about additional technical domains and areas that should have CVE coverage.
The discussion on building the base (i.e., identifying and onboarding Root CNAs) will be discussed by the Strategic Planning WG.
The discussion on broken links and handling them with the CVE downloads and JSON will continue in a Board email thread.
Dave Waltermire will develop a list of CNAs that have quality issues.

From: owner-cve-editorial-board-list@lists.mitre.org [mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of Common Vulnerabilities & Exposures
Sent: Tuesday, November 14, 2017 2:57 PM
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Agenda for CVE Board Meeting Wednesday, 15 November 2017

Dear members of the CVE Board –

Here is the agenda for tomorrow’s CVE Board Meeting. Documents to be discussed during the meeting will be emailed separately.

Regards,

The MITRE CVE Team

>>>

CVE Board Meeting 15 November 2017 - Agenda

2:00 – 2:05: Introductions, action items from the last meeting – Chris Coffin

2:05 – 2:25: Working Groups

· Strategic Planning – Kent Landfield

Issues
Actions
Board Decisions

Automation – George Theall

Issues
Actions
Board Decisions

2:25 – 2:50: CNA Update

· DWF – Kurt Seifried

Issues
Actions
Board Decisions

· General – Jonathan Evans, Nick Caron, Joe Sain

Issues
Actions
Board Decisions

2:50 – 3:10: Documentation: CNA Processes – Jonathan Evans

3:10 – 3:30: Discussion: Problematic assignments for subpar reports via CVE request form - Chris Coffin and Jonathan Evans

Email thread on Board mailing list 10/23 - 11/13.

3:30 – 3:45: CVE communications, document repositories, and collaboration – Joe Sain

3:45 – 3:55: Open Discussion

3:55 – 4:00: Action items, wrap-up – Chris Coffin

References:
- Agenda for CVE Board Meeting Wednesday, 15 November 2017
  - From: Common Vulnerabilities & Exposures <cve@mitre.org>
- RE: Agenda for CVE Board Meeting Wednesday, 15 November 2017
  - From: "Coffin, Chris" <ccoffin@mitre.org>
- Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017
  - From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>

Prev by Date: Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017
Next by Date: Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017
Previous by thread: Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017
Next by thread: Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017
Index(es):
- Date
- Thread