
Agenda for CVE Board Meeting Wednesday, January 10, 2018

Dear Members of the CVE Board -

Happy new year!

Here is the agenda for Wednesday’s CVE Board Meeting.




CVE Board Meeting 10 January 2018 - Agenda

2:00 – 2:05: Introductions, action items from the last meeting – Chris Coffin


  • Dave Waltermire will send out an email on SWID tags with links to standards documents. Kent Landfield and Art Manion will provide additional information.
  • MITRE to add vendor and product naming discussion to CNA Summit agenda - Done
  • MITRE to send out draft CNA Summit agenda to the Board for feedback - Attached
  • Dave to send email about infrastructure/code that should be shared with the community (GitHub discussion)
  • MITRE to set up another call to discuss the infrastructure/code that should be shared with the community (GitHub issue)
  • MITRE to send out new draft of Board charter
  • MITRE to send out new draft of CNA processes document
  • MITRE to set up CNA rules discussion at summit (What are the most impactful changes?)
  • Art, Dave, and Kent to start on a CNA Rules document update (Kent will act as editor)
  • Automation WG discussion needed on data authorizations
  • Kent will send vulnerability discussion document that will be presented in Osaka

2:05 – 2:25: Working Groups 
     Strategic Planning – Kent Landfield

  • Issues
  • Actions
  • Board Decisions

     Automation – George Theall

  • Issues
  • Actions
  • Board Decisions

2:25 – 2:50: CNA Update
     DWF – Kurt Seifried

  • Issues
  • Actions
  • Board Decisions

     General – Jonathan Evans, Nick Caron

  • Issues
  • Actions
  • Board Decisions

2:50 – 3:00: CVE CNA Summit Topics for the Agenda – Joe Sain


  • Panel Discussion - The Current State of CVE and the CNA Program – Where we are, the need to scale the program; where we are, and plans going forward – Chris Levendis, Chris Coffin, Jonathan Evans, Tom Millar
  • CNA Issues and Challenges facing CNAs – Content Quality, Conflict Resolution, CNA Training, and Other Thorny Issues
  • Panel Discussion - Accelerating CVE Data Exchange: Automation and the Git Pilot – George Theall, Kent Landfield, Kurt Seifried, Nick Caron
  • Meltdown, Spectre, and CVE: Handling Vulnerabilities that Present Multiple Issues Across Multiple Vendors
  • Workshop - CVE and Supply Chain Relationships: The Intel Puma chipset issue and how vulnerabilities flow down to other products that use the chipset - Art Manion, Moderator
  • Process for Assigning CVE IDs and Formatting Advisories – Larry Cashdollar, Moderator
  • CVEs for Open Source Software – Kurt Seifried?
  • CNA Onboarding and Management – Jonathan Evans, Nick Caron
  • CVE Federation Philosophy – Root CNAs, Sub-CNAs, and how they are organized
  • CNA Rules 2.0 Discussion – Impact of the changes, and how other incremental changes will affect CNA operations
  • How should hardware be incorporated into CVE?
  • Is there value in incorporating services into CVE?
  • Developing a registry of vendor and product names, CNA and non-CNA contact lists in JSON

3:00 – 3:30: CNA Feedback Mechanisms – David Waltermire

3:30 – 3:45: CVE Board Membership, alternates, and succession planning – Chris Coffin

3:45 – 3:55: Open Discussion

3:55 – 4:00: Action items, wrap-up – Chris Coffin




Joseph A. Sain

Principal InfoSec Engineer

The MITRE Corporation

T8A5 – CPS, Mobile, & Emerging Technologies

P: 781.271.3901

M: 781.264.3388


Page Last Updated or Reviewed: January 11, 2018