[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVE Board Agenda for Wednesday, September 5, 2018



Here is the document that I was referring to earlier.  I’ve genericized it by taking out the name Microsoft and removing links to the Security Update Guide. I’ve received permission from Management to use it as a straw horse, but not an official statement from Microsoft.  We change it over time, it is no means set in stone.

 

Lisa

 

From: Common Vulnerabilities & Exposures <cve@mitre.org>
Sent: Wednesday, September 5, 2018 8:30 AM
To: CVE Editorial Board Discussion <cve-editorial-board-list@mitre.org>
Subject: CVE Board Agenda for Wednesday, September 5, 2018

 

Dear members of the CVE Board –

 

Here is the agenda for today’s Board meeting.

 

Regards,

The MITRE CVE Team

 

 

Agenda

2:00 – 2:15: Introductions, action items from the last meeting – Chris Coffin

  • Previous Action Item: MITRE (Chris C/Jonathan) to send out an email to the Board list to initiate the CNA Rules revision process (regarding inclusion).
    • Status: Not done.
  • Previous Action Item: CNA rules discussion—MITRE will start putting together a list of things to discuss in follow up calls.
    • Not Done
  • Previous Action Item: Send out note to the Board on the CVE Quality WG (MITRE).
    • Status: Not done.
  • Previous Action Item: Lisa Olson (Microsoft) to investigate sharing a paper as a place to start with CNA scope work.
    • Status: TBD.
  • Previous Action Item: MITRE will contact HackerOne to inquire about WordPress vulnerability and contact Kurt Seifried (CSA).
    • Status: Told Kurt that he should reach out to HackerOne directly on this and let us know if he had any issues in doing so.
  • Previous Action Item: Set up another discussion for Appthority as a research CNA.
    • Status: Done. Appthority is cleared to become a CVE CNA. We will have another call for Appthority and some Board members to discuss further.
  • Previous Action Item: Continue discussion to define set of product types, define value, determine whether it can be automated, and the effort involved in doing so (tagging).
    • Status: Not done.
  • Previous Action Item: Marketing message for CVE—send out CVE 101 to group and use as starting point (may need to customize for different audiences).
    • Status: Not Done.

2:15 – 2:30: Working Groups 

·         Strategic Planning – Kent Landfield / Chris Coffin

·         Automation – Chris Johnson / Dave Waltermire

 

2:30 – 2:45: CNA Update

·         DWF – Kurt Seifried

·         MITRE – Jonathan Evans

·         JPCERT – Taki Uchiyama

 

2:45 – 3:50: Open Discussion

3:50 – 4:00: Action items, wrap-up – Chris Coffin

 

 

 

 

Attachment: CVE Strawman.docx
Description: CVE Strawman.docx


Page Last Updated or Reviewed: September 05, 2018