CVE Board Agenda - Wednesday, September 19, 2018

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CVE Board Agenda - Wednesday, September 19, 2018

Common Vulnerabilities & Exposures

2:00 – 2:15: Introductions, action items from the last meeting – Chris Coffin

  • Previous Action Item: MITRE to send out an email to the Board list to initiate the CNA Rules revision process (regarding inclusion).
    • Status: Not Done.
  • Previous Action Item: Send out note to the Board on the CVE Quality WG (MITRE).
    • Status: Complete.
  • Previous Action Item: Continue discussion to define set of product types, define value, determine whether it can be automated, and the effort involved in doing so (tagging).
    • Status: Moved future discussion list.
  • Previous Action Item: Distribute MITRE congressional slides once submitted to Congress.
    • Status: Response in progress.
  • Previous Action Item: Communicate to researcher CNAs – new CNA are hold. Explain that clarifications need to be made about roles and responsibilities before new CNA’s are confirmed.
    • Status: In progress.
  • Previous Action Item: Reach out to HackerOne regarding response to CNA query.
    • Status: Done. Initial response was belated due to automated tier 1 response system. HackerOne suggests CNA email for future communications.
  • Previous Action Item: MITRE to provide metrics on the number of researcher CNAs vs. the number of vendor CNAs.
    • Status: In progress.
  • Previous Action Item: Kurt Seifried to provide the names of those participating in the CVE User Registry project and set up a requirements kickoff meeting.
    • Status: Not Done.
  • Previous Action Item: MITRE to send a note to the CNA group email soliciting participation in Automation Working Group projects.
    • Status: Not Done.
  • Previous Action Item: MITRE to distribute CVE Root discussion slides to the Strategic Planning Working Group.
    • Status: Complete.

2:15 – 2:30: Working Groups 

·         Strategic Planning – Kent Landfield / Chris Coffin

·         Automation – Chris Johnson / Dave Waltermire

 

2:30 – 2:45: CNA Update

·         DWF – Kurt Seifried

·         MITRE – Jonathan Evans

·         JPCERT – Taki Uchiyama

 

2:45 – 3:50: Open Discussion

3:50 – 4:00: Action items, wrap-up – Chris Coffin