CVE Board Meeting
8 February 2017, 2:00 p.m. EST
The CVE Board met via teleconference on 8 February 2017.
Board members in attendance were:
Kent Landfield (Intel)
Art Manion (CERT-CC)
Kurt Seifried (Red Hat)
Taki Uchiyama (JP CERT)
William Cox (Black Duck)
Members of the MITRE CVE Team who attended the call are as follows:
2:00 – 2:05: Introductions, action items from the last meeting – Chris Coffin
2:05 – 2:25: Working Groups
Strategic Planning - Kent Landfield
Automation - Harold Booth
2:25 – 2:50: CNA Update
DWF – Kurt Seifried
General - Dan Adinolfi
2:50 – 3:00: RSA Planning and Priorities - Dan Adinolfi
3:00 – 3:10: CNA Documentation - Dan Adinolfi
3:10 – 3:55: Open discussion – CVE Board
3:55 – 4:00: Action items, wrap-up – Chris Coffin
The meeting began with review of previous action items.
Introductions, action items from the last meeting – Chris Coffin
The question as to how best to create a group of CVE IDs for testing was deferred to the Automation Working Group.
MITRE still has the review of public CVE pages and what information about CVE is available elsewhere to be done.
MITRE will be sending out a new Board meeting schedule to accommodate a wider geographic array of members.
MITRE will be developing a new version of the reservation guidelines.
Any oss-security mailing list CVE requests will be directed to the CVE Request form (and, eventually, the DWF).
RSA Planning and Priorities - Dan Adinolfi
CVE will have a presence at the 2017 RSA conference. Kent Landfield and Kurt Seifried will be presenting on how the DWF has been developed as well as lead a discussion session. Dan Adinolfi will be presenting at the CERT Vendor Meeting to inform CERTs and drum up interest in the creation of new CNAs.
CNA Documentation - Dan Adinolfi
MITRE presented a CNA documentation list and diagram asking for the Board to help prioritize the list. The items on the list are intended to help educate and inform CNAs and those interested in CVE. The Board asked for more information on each document before deciding on priority. The Board also requested that the documents be developed in GitHub to allow for easier co-development.
Open discussion – CVE Board
There is a draft of the CPE for CVE use cases that MITRE would like the Board’s feedback on.
Action items, wrap-up – Chris Coffin
CVE Board Meeting_2_8_17.docx
Description: CVE Board Meeting_2_8_17.docx