|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [TECH] New Voting Support Enhancements for Board Members
All: In the never-ending quest to make it easier for Board members to vote, the following enhancements have been made. Note that online voting via web site is planned for the long term, but it is presently a lower priority than some other activities. Until then, other measures will be taken, such as the ones I've outlined below. Use of URLs for References in Candidates ---------------------------------------- When accessible, references with URLs will be included with candidates. This should make it easier for Board members to more quickly access references, especially for mailing list messages. The generalized references used by CVE, i.e. SOURCE:ID, are often extremely useful for speedy visual correlation of data when looking up a specific vulnerability, and they reduce the amount of maintenance for links. However, generalized references are not convenient for some kinds of voting activities, where the voter may want to directly consult the reference before voting. Future candidates will therefore include URLs whenever possible. These URLs will be stripped and/or converted into generalized references when the candidate is ACCEPTed and converted into an official entry. Thanks to Kevin Ziese for suggesting that we incorporate references directly into ballots. This is a bit smaller scale than his idea, but it's a start ;-) Customized, Prioritized Voting Ballots ---------------------------------------- With the large number of candidates and clusters to deal with, it can be difficult for a Board member to prioritize which problems to tackle first. Some members prefer to work on an entire cluster all at once, but the size of the clusters makes this more difficult. Members with specialized knowledge may find it difficult to wade through clusters to find the problems that they can vote on. "High-priority" problems can also get lost in the mix, and may take longer than they "should." For example, most candidates that are confirmed by a Microsoft or Sun advisory should be approved within two or three weeks of the initial proposal, but that does not always happen, especially in recent months. To address this, customized voting ballots will be made available to each Board member. They only identify the issues that the member hasn't voted on yet. All the ballots are packaged and made accessible by a single HTML document. Each cluster has a separate entry. Within each cluster, the ballots are further broken down by OS family (NT/Unix/Misc) and a rough notion of "priority" with respect to votes. For example, candidates that are associated with advisories get a higher priority (and a separate ballot) than candidates where there is a posting to a mailing list, but no confirmation by a vendor. Thus each individual ballot may identify a more manageable set of candidates to vote on. Because CVE isn't supported by a database, the division by OS and priority are not necessarily completely accurate. However, this is a reasonable first effort. If successful, it may form the basis of a web-based voting package. A sample voting ballot will be posted in the next email. Please review it and let me know what you think and, while you're at it, toss in a few votes ;-) - Steve
|
||||
