Agenda for CVE Board Meeting Wednesday, January 10, 2018
Dear Members of the CVE Board -
Happy new year!
Here is the agenda for Wednesday’s CVE Board Meeting.
The MITRE CVE Team
CVE Board Meeting 10 January 2018 - Agenda
2:00 – 2:05: Introductions, action items from the last meeting – Chris Coffin
Dave Waltermire will send out an email on SWID tags with links to standards documents. Kent Landfield and Art Manion will provide additional information.
MITRE to add vendor and product naming discussion to CNA Summit agenda - Done
MITRE to send out draft CNA Summit agenda to the Board for feedback - Attached
Dave to send email about infrastructure/code that should be shared with the community (GitHub discussion)
MITRE to set up another call to discuss the infrastructure/code that should be shared with the community (GitHub issue)
MITRE to send out new draft of Board charter
MITRE to send out new draft of CNA processes document
MITRE to set up CNA rules discussion at summit (What are the most impactful changes?)
Art, Dave, and Kent to start on a CNA Rules document update (Kent will act as editor)
Automation WG discussion needed on data authorizations
Kent will send vulnerability discussion document that will be presented in Osaka
2:05 – 2:25: Working Groups
Strategic Planning – Kent Landfield
Automation – George Theall
2:25 – 2:50: CNA Update
DWF – Kurt Seifried
General – Jonathan Evans, Nick Caron
2:50 – 3:00: CVE CNA Summit Topics for the Agenda – Joe Sain
Panel Discussion - The Current State of CVE and the CNA Program – Where we are, the need to scale the program; where we are, and plans going forward – Chris Levendis, Chris Coffin, Jonathan Evans, Tom Millar
CNA Issues and Challenges facing CNAs – Content Quality, Conflict Resolution, CNA Training, and Other Thorny Issues
Panel Discussion - Accelerating CVE Data Exchange: Automation and the Git Pilot – George Theall, Kent Landfield, Kurt Seifried,
Meltdown, Spectre, and CVE: Handling Vulnerabilities that Present Multiple Issues Across Multiple Vendors
Workshop - CVE and Supply Chain Relationships: The Intel Puma chipset issue and how vulnerabilities flow down to other products that use the chipset - Art Manion, Moderator
Process for Assigning CVE IDs and Formatting Advisories – Larry Cashdollar, Moderator
CVEs for Open Source Software – Kurt Seifried?
CNA Onboarding and Management – Jonathan Evans, Nick Caron
CVE Federation Philosophy – Root CNAs, Sub-CNAs, and how they are organized
CNA Rules 2.0 Discussion – Impact of the changes, and how other incremental changes will affect CNA operations
How should hardware be incorporated into CVE?
Is there value in incorporating services into CVE?
Developing a registry of vendor and product names, CNA and non-CNA contact lists in JSON
3:00 – 3:30: CNA Feedback Mechanisms – David Waltermire
3:30 – 3:45: CVE Board Membership, alternates, and succession planning – Chris Coffin