CVE Board Agenda for Wednesday, 13 November

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CVE Board Agenda for Wednesday, 13 November

Bazar, Jo E.

 

2:00 – 2:15: Introductions, action items from the last meeting 

2:15 – 2:30: Working Groups

  • Outreach and Communications Working Group (OCWG): Shannon Sabens
  • CNA Coordination Working Group (CNACWG): Tod Beardsley
  • Quality Working Group (QWG): Chris Coffin
  • Automation Working Group (AWG): Lew Loren
  • Strategic Planning Working Group (SPWG): Kent Landfield/Chris Coffin

 

2:30 – 2:45: Root CNA Update

  • MITRE: Jo Bazar
  • JPCERT: Jonathan Evans/Chris Coffin

 

2:45 – 3:00: CVE Global Summit – Beverly Miller Alvarez

3:00 – 3:15: CNA Rules Revision Status – Jonathan Evans

3:15 – 3:45: Board Charter Updates – Chris Coffin/Kent Landfield

3:45 – 3:55: Open Discussion  

3:55 – 4:00: Action items, wrap-up

 


#


Action Item


Responsible Party


Status


Comments

1.23.1

Assemble additional operational guidance for program participation by CNAs (e.g., webinars, instructional videos).

MITRE (Evans)

In Process

MITRE assembled a list of guidance priorities and other areas of the program; the top five priorities are listed below:

  1. How to submit entries to MITRE using the web form (CNA Submission process)
  2. CVE ID assignment rule (Counting) – DRAFT sent for inputs to CNACWG and OCWG
  3. Becoming a CNA – DRAFT sent for inputs to CNACWG and OCWG
  4. CVE Program (includes Root structure) 
  5. How to request MITRE CNA populate a CVE entry (CNA Process)
  6. How to create a CVE Entry (CNA Entry creation)

 

10/30 Update: A timeline was prepared and will be shared at the next board meeting. “Becoming a CNA” will be sent by COB 11/1/19, and the CVE Board members will have two weeks to provide feedback.

11/13 Update: Feedback is due by 11/17 for Becoming a CNA and the CVE Entry Creation is scheduled to be released NLT 11/17, feedback will be due by 12/1/2019.

4.17.5

Research solution for storing, archiving, and central repository for CVE Board and WG meeting minutes, recordings, as well as tracking action items.

MITRE (Lew L.)

In Process

10/30 Update: The developers are setting up online storage in Glacier; download will be available after 90 days and will take a few days.

6.26.2

Update Charter to reflect new interview process of board nominations and that CVE Board member can send nominations directly to the private board list. 

MITRE (Chris C.)/Kent L.

In Process

10/2 Update: Kent explained a draft is in process; once completed, Chris C. will provide his input and send to the CVE Board for review and feedback. The CVE Board should expect to receive a draft in the next few weeks. 

10/30 Update: Kent and Chris have a meeting scheduled this week to finish the drafts of the documents.

11/13 Update: updated Board Charter was sent to the Board for review on 11/5.

6.26.3

Update Charter to reflect new Board nomination interview process. When a new Board member is nominated, a 30-minute interview is conducted during the next Board call.

MITRE (Chris C.)/Kent L.

In Process

10/2 Update: Kent explained a draft is in process; once completed, Chris C. will provide his input and send to the CVE Board for review and feedback. The CVE Board should expect to receive a draft in the next few weeks. 

10/30 Update: Kent and Chris have a meeting scheduled this week to finish the drafts of the documents.

11/13 Update: updated Board Charter was sent to the Board for review on 11/5.

7.24.01

Develop a strategy for handling public but low-quality vulnerabilities, especially cases where the vendor or maintainer has not acknowledged the vulnerability.

MITRE

(Chris C./Jonathan E.)

In Process

9/4 Update: Outline drafted by Jonathan and is being reviewed by the CVE team.

7.24.02

Draft language clarifying CVE charter around organizational voting. (When do we merge votes based on organizational affiliation)

MITRE (Chris C.)/Kent L.

In Process

10/2 Update: Kent explained a draft is in process; once completed, Chris C. will provide his input and send to the CVE Board for review and feedback. The CVE Board should expect to receive a draft in the next few weeks. 

 

10/30 Update: Kent and Chris have a meeting scheduled this week to finish the drafts of the documents.

11/13 Update: updated Board Charter was sent to the Board for review on 11/5.

8.21.01

Take the lead for contest open to the community to create new CVE logo.

OCWG

In Process

9/4 Update: OCWG discussed at last meeting and is seeking additional guidance from the CVE Board.

10/16 Update: Shannon provided a list of requirements/questions for the CVE Board to consider. 

10.16.01

Follow up with MITRE legal about CVE logo language and design usage and required approvals. 

MITRE (Chris L.)

Not Started

Assigned October 16, 2019

  10.16.02

MITRE communicate RBP backlog strategy to CVE Board.

MITRE (Chris L.)

In Progress

11/13 Update: Jonathan will provide an update in the next board meeting.

  10.16.04

SPWG down select CVE domain names and present options to CVE Board for final selection and approval. 

MITRE (Chris C.)

Completed

10/30 Update: CVE Domain names were sent to CVE Board members for consideration on 10/24/2019. SPWG working on down-selecting CVE domain names.

11/13 Update: Four CVE Domains were selected by the SPWG.

10.16.05

Send CNA Press template to CVE Board.

MITRE (Jo Bazar)

In Process

10/30 Update: Press release sent to CVE Board for input due NLT 10/28/2019. Re-send to Kent for review.

11/13 Update: Feedback received and forwarded feedback to OCWG for review.

10.30.01

Send CVE Global Summit 2020 HOLD_THE_DATE calendar invite to CNA list (placeholder with hotel information.

MITRE (Beverly A./Jo B.)

Completed

Invite sent on 11/5/2019

10.30.02

Update RBP threshold policy to include consequences for CNA’s with backlogs over the specific threshold.

MITRE (Jonathan E./Jo B.)

Not Started

Assigned 10/30/2019