Approaching Deadlines for CVE Validation

["Steven M. Christey" <coley@linus.mitre.org>]

All:

While Dave Mann and I have referred to this in the past, I'd like to
make it clear that we need to reach the following deadlines.

1) By August 2, all candidates for the draft CVE will have been
proposed.  This also means that all content decisions (as they exist
today) will also have been proposed, and many will have been decided.

2) By August 15, MITRE intends to host two CVE Review meetings in
order to get as many Editorial Board members to meet face-to-face as
possible.  Details will be provided in the next message.

3) By August 31, I will have made all Final Decisions on the original
draft CVE.  (Note that this is 4 months after the draft was sent to
original Board members, although of course the newer members haven't
had it that long).  If necessary, I will make decisions on individual
vulnerabilities without extensive confirmation, provided they do not
violate any outstanding content decision issues.  Minor modifications
(e.g. references or small description changes) can be made later.

4) After the validation is complete, we will begin the process of (a)
including new vulnerability information, (b) creating other Candidate
Numbering Authorities besides me, and (c) filling in the gaps in the
CVE with respect to other databases.  Note of course that (c) largely
means "more of the same" with respect to proposing and validating
large clusters of candidates.

- Steve