[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CONTENT DECISION: Content Decision Proposal Plan (voting this week)
Below is a high-level plan for the order in which I propose content decisions. All content decisions will be proposed this week, using a subject line that begins with "CD PROPOSAL: " All Board members are strongly urged to vote on these content decisions, even if it's a NOOP. I will schedule a week for discussion before moving these decisions to the Modification or Interim Decision phases. In general, a week should be sufficient since many of the content decisions have been debated for quite some time. For the Editorial Board to validate a total of 300 candidates by public release of the CVE in early September, many of these content decisions must be resolved by the end of August. 1) Propose pervasive content decisions (Monday-Tuesday, 8/16-17) These content decisions directly or indirectly affect all vulnerabilities within the CVE. Some have been highly controversial, thus their resolution is extremely important. 2) Propose content decisions for software flaws (Tue, 8/17) These content decisions are not pervasive, but many have a large number of candidates whose acceptance or modification depends on that content decision. 3) Propose content decisions for Software/Application presence (Wed, 8/18) Most of these content decisions caused high controversy, but will be more easily resolved if the inclusive vulnerability definition is adopted. 4) Propose content decisions for exceptions (Thu, 8/19) Some of these content decisions are low controversy. Others will be more easily resolved if the inclusive vulnerability definition is adopted. 5) Propose content decisions for configuration errors (Fri, 8/20) These are the least understood types of problems, and the most difficult to enumerate. Therefore, they will receive the lowest priority, although they affect a fairly large number of candidates.