CONTENT DECISION: Content Decision Proposal Plan (voting this week)

["Steven M. Christey" <coley@linus.mitre.org>]

Below is a high-level plan for the order in which I propose content
decisions.  All content decisions will be proposed this week, using a
subject line that begins with "CD PROPOSAL: " All Board members are
strongly urged to vote on these content decisions, even if it's a
NOOP.

I will schedule a week for discussion before moving these decisions to
the Modification or Interim Decision phases.  In general, a week
should be sufficient since many of the content decisions have been
debated for quite some time.

For the Editorial Board to validate a total of 300 candidates by
public release of the CVE in early September, many of these content
decisions must be resolved by the end of August.



1) Propose pervasive content decisions (Monday-Tuesday, 8/16-17)

These content decisions directly or indirectly affect all
vulnerabilities within the CVE.  Some have been highly controversial,
thus their resolution is extremely important.

2) Propose content decisions for software flaws (Tue, 8/17)

These content decisions are not pervasive, but many have a large
number of candidates whose acceptance or modification depends on that
content decision.

3) Propose content decisions for Software/Application presence (Wed, 8/18)

Most of these content decisions caused high controversy, but will be
more easily resolved if the inclusive vulnerability definition is
adopted.

4) Propose content decisions for exceptions (Thu, 8/19)

Some of these content decisions are low controversy.  Others will be
more easily resolved if the inclusive vulnerability definition is
adopted.

5) Propose content decisions for configuration errors (Fri, 8/20)

These are the least understood types of problems, and the most
difficult to enumerate.  Therefore, they will receive the lowest
priority, although they affect a fairly large number of candidates.