Here is the agenda for the CVE Board teleconference on Wednesday, May 3 at 2PM - 4PM.
The CVE Team
CVE Board Meeting 3 May 2017
2:00 – 2:05: Introductions, action items from the last meeting - Chris Coffin
2:05 – 2:35: Interview Board Member Candidate - CVE Board
2:35 – 2:55: Working Groups
Strategic Planning - Harold Booth/Art Manion/Kent Landfield
Automation - Harold Booth/Kurt Seifried
2:55 – 3:20: CNA Update
DWF – Kurt Seifried
General - Dan Adinolfi
3:20 – 3:30: CNA Report Card for First Quarter 2017 Follow-up - Dan Adinolfi
3:30 – 3:40: Formal CNA Rules Change - 24-hour notification limit upon CVE ID used publicly - Chris Coffin
3:40 – 3:55: Discussion: Three potential topics:
1) Should CNAs assign CVE IDs to bundled third-party components where the component isn't in their scope, strictly speaking? Should they instead assign through the DWF for OSS, for
2) We will consider whether Working Groups can run pilots without the Board's permission, and in what form should that permission come?
3) There is a suspicion that most people they do not know how to interact with the Board (e.g., just email random members?), so contacting MITRE and doing it via MITRE seems reasonable,
but also a potential conflict of interest as it were. The Board should start a laundry list of process/procedural things that might need fixing.