CVE Board Agenda for Wednesday, 26 June 2019

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CVE Board Agenda for Wednesday, 26 June 2019

Coffin, Chris

 

Agenda

2:00 – 2:15: Introductions, action items from the last meeting 

2:15 – 2:30: Working Groups

  • CNA Coordination Working Group (CNACWG) - Tod Beardsley
  • Quality Working Group (QWG): Dave Waltermire/Chris Coffin
  • Automation Working Group (AWG)– Lew Loren
  • Strategic Planning Working Group (SPWG)– Kent Landfield/Chris Coffin

 

2:30 – 2:45: Root CNA Update

  • MITRE – Jonathan Evans
  • JPCERT – Taki Uchiyama

 

2:45 – 3:15: Vendor-confirmed SaaS-based vulnerability

3:15 – 3:55: Open Discussion Board

3:55 – 4:00: Action items, wrap-up

Review of Action Items from Board Meeting held on 12 June 2019


#


Action Item


Responsible Party


Status


Comments

1.23.1

Assemble additional operational guidance for program participation by CNAs (e.g., webinars, instructional videos).

MITRE (Evans/Sain)

In Process

MITRE assembled a list of guidance priorities and other areas of the program; the top five priorities are listed below:

  1. How to submit entries to MITRE using the web form 
  2. CVE ID assignment rule (Counting) 
  3. Becoming a CNA
  4. CVE Program (includes Root structure)
  5. How to request the MITRE CNA populate a CVE entry

 

4/3 Update: Jonathan has started assigning some of the individual modules to members of the CNA coordination team and content team. In addition, the CCWG is also reviewing and updating the existing online guidance.

6/12 Update: In process. Some of the draft scripts completed for the online individual modules and the existing online guidance are also being reviewed and updated.

2.6.9

Organize an event at Blackhat USA (August 2019) to celebrate 20 years of CVE.

MITRE (Joe S./Levendis)

In Process

6/12 Update: Contract is signed with Blackhat; waiting on confirmation of event date 8/7 or 8/8 before we can proceed with approvals. Once approved by BH, we can move forward with the event planning with Excalibur. The group agreed and the majority voted for August 7th.

6/13: Approval form sent to BAH, pending approval.

6/26: Approval received from BAH, space is available at the Excalibur.

3.20.11

Review alternatives for public facing CVE Board discussion group archives (currently Nabble).

MITRE (Joe S.)

In process

5/29 Update: Reviewing alternatives over the next week. Plans are to test functionality of top contenders over the next two weeks.

4.17.3

Break out future discussion items in the following categories: Ongoing, Future, and OBE. Report back to CVE Board and add for future discussions items.

MITRE (CVE Team)

In Process

5/1 Update: MITRE CVE Team met to review the discussion items and the future discussion items will be categorized into appropriate functional areas. 

5/29 Update: MITRE team meeting this week to finalize document.

6/11: Future discussion items were revised in 5/29 meeting minutes, for review and comment by the CVE Board.

6/26: Discussed in the 6/24 SPWG call. Board should walk through the items in the next call

4.17.5

Research solution for storing, archiving, and central repository for CVE Board and WG meeting minutes, as well as tracking action items.

MITRE (CVE Team)

In Process

5/15 Update: Jonathan sent the SharePoint site to the working groups for rules revision collaboration and for use for other working group materials. A handshake account is required to access the site.

6/12 Update: CNA SharePoint site is up (MITRE partners account is required), Handshake account is used for current meeting recordings and we are moving the archive of recordings to Amazon glacier for cold storage.   

4.17.7

Follow up with Kurt S. about the survey results; obtain for future use in QWG.

MITRE (Chris C.)

In Process

5/15 Update: Kurt sent an email on 5/13 suggesting that the survey be closed and published as there have not been any new results since 5/2.

6/26: Google docs report has been available since 5/14 and it has an image of the survey results. Sent an email to Kurt to get those results in a more accessible format.

5.1.02

Send Cloud survey to CNA List so they can provide input.

Kurt S.

In Process

5/15 Update: Waiting on survey to close on item 4.17.1.

5.15.1

Meet at CNA Summit to create the invitation list for CVE celebration

ALL

In Process

Assigned 5/15/2019

6/26: Discussed in the 6/24 SPWG call. This topic needs to be addressed in the next Board call.

6.12.1

Send short names for CNA to review and provide input.

CNA Coordinators

In Process

Assigned June 12, 2019.

6/26: List sent to CVE Board for review 6/26.

6.12.2

Finalize “Trifold” or “Flyer” before CVE 20-year Milestone event in Las Vegas, on August 7th.

CVE Board (select)

/MITRE

In Process

6.12 Update: Draft flyer sent to Beverly M., Kent L., Tod B., Shannon S., Andrea T. and Taki U. for review and feedback with a due date of June 28, 2019.

6.12.3

Develop Objectives/Goals for Marketing WG, send to CVE Board for review and feedback. Next step is to send to CNA List for CMWG volunteers and participation. 

MITRE (Jo Bazar)

In Process

6.26: Draft deck prepared and pending review by CVE Team.