CVE Board Agenda for Wednesday, 1 May 2019

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CVE Board Agenda for Wednesday, 1 May 2019

Coffin, Chris

CVE Board Meeting – 1 May 2019

Agenda

2:00 – 2:15: Introductions, action items from the last meeting (action items are listed at the end of this message below)

2:15 – 2:30: Working Groups

  • CNA Coordination Working Group (CCWG) - Tod Beardsley
  • Quality Working Group (QWG): Dave Waltermire/Chris Coffin
  • Cloud Security Alliance (CSA)– Kurt Seifried
  • Automation Working Group (AWG)– Lew Loren
  • Strategic Planning Working Group (SPWG)– Kent Landfield/Chris Coffin

 

2:30 – 2:45: Root CNA Update

  • MITRE – Jonathan Evans
  • JPCERT – Taki Uchiyama

 

2:45 – 3:30: CY19 Q1 Quarterly Report – Jonathan Evans

 

3:30 – 3:55: Open Discussion Board

3:55 – 4:00: Action items, wrap-up

 

Review of Action Items from Board Meeting held on 17 April 2019


#


Action Item


Responsible Party


Status


Comments

1.23.1

Assemble additional operational guidance for program participation by CNAs (e.g., webinars, instructional videos).

MITRE (Evans/Sain)

In Process

MITRE assembled a list of guidance priorities and other areas of the program; the top five priorities are listed below:

  1. How to submit entries to MITRE using the web form 
  2. CVE ID assignment rule (Counting) 
  3. Becoming a CNA
  4. CVE Program (includes Root structure)
  5. How to request the MITRE CNA populate a CVE entry

 

4/3 Update: Jonathan has started assigning some of the individual modules to members of the CNA coordination team and content team. In addition, the CCWG is also reviewing and updating the existing online guidance.

1.23.7

Contact GitHub to determine its interest in becoming a CNA.

Microsoft (Lisa Olson)

In Process

4/30 Update: Meeting with GitHub setup for 5/3 to kick off the onboarding process.  Scope will be a major topic of the meeting.

2.6.9

Organize an event at Blackhat USA (August 2019) to celebrate 20 years of CVE.

MITRE (Joe S./Levendis)

In Process

4/3 Update: Nothing has been started yet; Chris L. will check with MITRE to see if he can come up with anything. Board members indicated he feels like they could do some fund raising.

4/17: In the process of obtaining RFPs from venues close to convention center (Mandalay Bay) and reaching out to MITRE Strategic Communications for help as well.  

3.20.1

Document lessons learned from Microsoft automation submission process for other CNAs who want to move to GitHub automation process.

MITRE (Joe S.)

Not Started

4/17 Update: Will coordinate with Microsoft and the MITRE GitHub team.

3.20.11

Review alternatives for public facing CVE Board discussion group archives.

MITRE (Joe S.)

In process

4/17 Update: Gathering information on alternative hosting platforms. Plan is to begin transitioning to a new platform mid-May.

 

3.20.12

Provide feedback/comment on the Rules Revision process email (sent on March 21, 2019 at 1:51 p.m. by Jonathan E).

CVE Board

In Process

4/17 Update: Kent provided his feedback on 4/4.

3.20.13

Write up GDPR and GitHub issue.

MITRE (Lew L./Kent L.)

In Process

4/17 Update: Kent will be providing feedback and possibly a rewrite.

 

4.17.1

Assemble list of conferences and key meetings, call for Papers and due dates and add to CVE Board Agenda (Include 3rd vulnerability summit May 2019)

MITRE

(Jo B.)

In Process

5/1: Draft list composed, adding Call for Papers dates if available.   

4.17.2

Readout of conferences the CVE Program participates in or attends. Provide an analysis and benefit of attending. IOT (Jan’19), HIMSS (Feb’19), VRDX (May 2019), PFIRST (April’19),

MITRE

(Jo B.)

Completed

5/1: Readout included in Quarterly Report CY19 Q1.

4.17.3

Break out future discussion items in the following categories: Ongoing, Future, and OBE. Report back to CVE Board and add for future discussions items.

MITRE (CVE Team)

In Process

5/1: MITRE CVE team met to review the discussion items. Jonathan is categorizing the items into their appropriate functional area.

4.17.4

Talk to Katie about ICS-CERT becoming a root CNA and schedule a meeting with ICS-CERT.

MITRE (Chris L.)

Not Started

Assigned 4/17/2019

4.17.5

Research solution for storing, archiving, and central repository for CVE Board and WG meeting minutes, as well as tracking action items.

MITRE (CVE Team)

Not Started

Assigned 4/17/2019

4.17.7

Follow up with Kurt S. about the survey results; obtain for future use in QWG.

MITRE (Chris C.)

Not Started

Assigned 4/17/2019

5/1: Kurt will make all of this information available to the Board with his final report.