CVE Board Agenda for Wednesday, 29 May 2019

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CVE Board Agenda for Wednesday, 29 May 2019

Coffin, Chris

Agenda

2:00 – 2:15: Introductions, action items from the last meeting

2:15 – 2:30: Working Groups

  • CNA Coordination Working Group (CCWG) - Tod Beardsley
  • Quality Working Group (QWG): Dave Waltermire/Chris Coffin
  • Cloud Security Alliance (CSA)– Kurt Seifried
  • Automation Working Group (AWG)– Lew Loren
  • Strategic Planning Working Group (SPWG)– Kent Landfield/Chris Coffin

 

2:30 – 2:45: Root CNA Update

  • MITRE – Jonathan Evans
  • JPCERT – Taki Uchiyama

 

2:45 – 3:55: Open Discussion Board

3:55 – 4:00: Action items, wrap-up

Review of Action Items from Board Meeting held on 15 May 2019


#


Action Item


Responsible Party


Status


Comments

1.23.1

Assemble additional operational guidance for program participation by CNAs (e.g., webinars, instructional videos).

MITRE (Evans/Sain)

In Process

MITRE assembled a list of guidance priorities and other areas of the program; the top five priorities are listed below:

  1. How to submit entries to MITRE using the web form 
  2. CVE ID assignment rule (Counting) 
  3. Becoming a CNA
  4. CVE Program (includes Root structure)
  5. How to request the MITRE CNA populate a CVE entry

 

4/3 Update: Jonathan has started assigning some of the individual modules to members of the CNA coordination team and content team. In addition, the CCWG is also reviewing and updating the existing online guidance.

2.6.9

Organize an event at Blackhat USA (August 2019) to celebrate 20 years of CVE.

MITRE (Joe S./Levendis)

In Process

5/15: Approval received for the 20 year celebration at Blackhat USA, in Las Vegas.

5/29 – Meeting room logistics underway and being routed through MITRE approval process.

3.20.1

Document lessons learned from Microsoft automation submission process for other CNAs who want to move to GitHub automation process.

MITRE (Joe S.)

Not Started

5/29 Update: Meeting proposed for Monday, June 3 with Microsoft security staff to discuss their experiences.

3.20.11

Review alternatives for public facing CVE Board discussion group archives.

MITRE (Joe S.)

In process

5/29 Update: Reviewing alternatives over the next week. Plans are to test functionality of top contenders over the following 2 weeks.

3.20.13

Write up GDPR and GitHub issue.

MITRE (Lew L./Kent L.)

In Process

5/15 Update: GDPR updates will be presented at the CNA Summit by the SPWG.

4.17.1

Assemble list of conferences and key meetings, call for Papers and due dates and add to CVE Board Agenda (Include 3rd vulnerability summit May 2019)

MITRE

(Jo B.)

In Process

5/15: Draft list sent to CVE Board on May 10th.   

5/15 Update: MITRE Team will add categories to each conference; community involvement, promote CVE program, and CNA recruitment.

5/29 – Draft categories assigned, MITRE team reviewing.

4.17.3

Break out future discussion items in the following categories: Ongoing, Future, and OBE. Report back to CVE Board and add for future discussions items.

MITRE (CVE Team)

In Process

5/1 Update: MITRE CVE Team met to review the discussion items and the future discussion items will be categorized into appropriate functional areas. 

5/29 – MITRE team meeting this week to finalize document.

4.17.5

Research solution for storing, archiving, and central repository for CVE Board and WG meeting minutes, as well as tracking action items.

MITRE (CVE Team)

In Process

5/15 Update: Jonathan sent the SharePoint site to the working groups for rules revision collaboration and for use for other working group materials. A handshake account is required to access the site.

4.17.7

Follow up with Kurt S. about the survey results; obtain for future use in QWG.

MITRE (Chris C.)

In Process

5/15: Kurt sent an email on 5/13 suggesting that the survey be closed and published as they have not been any new results since 5/2.

5.1.02

Send Cloud survey to CNA List so they can provide input.

Kurt S.

In Process

5/15: Waiting on survey to close in item 4.17.1.

5.15.1

Meet at CNA Summit to create the invitation list for CVE celebration

ALL

Not Started

Assigned 5/15/2019