CVE Board Agenda for Wednesday, 4 September 2019

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

CVE Board Agenda for Wednesday, 4 September 2019

Bazar, Jo E.

Agenda

2:00 – 2:15: Introductions, action items from the last meeting 

2:15 – 2:30: Working Groups

  • Outreach and Communications Working Group (OCWG): Shannon Sabens
  • CNA Coordination Working Group (CNACWG): Tod Beardsley
  • Quality Working Group (QWG): Chris Coffin
  • Automation Working Group (AWG): Lew Loren
  • Strategic Planning Working Group (SPWG): Kent Landfield/Chris Coffin

 

2:30 – 2:45: Root CNA Update

  • MITRE: Jonathan Evans/Jo Bazar
  • JPCERT: Jonathan Evans/Chris Coffin

 

2:45 – 3:00: CNA Summit 2020 (Updates)

3:00 – 3:55: Open Discussion  

3:55 – 4:00: Action items, wrap-up

 


#


Action Item


Responsible Party


Status


Comments

1.23.1

Assemble additional operational guidance for program participation by CNAs (e.g., webinars, instructional videos).

MITRE (Evans/Sain)

In Process

MITRE assembled a list of guidance priorities and other areas of the program; the top five priorities are listed below:

  1. How to submit entries to MITRE using the web form 
  2. CVE ID assignment rule (Counting) 
  3. Becoming a CNA
  4. CVE Program (includes Root structure)
  5. How to request the MITRE CNA populate a CVE entry

 

8/21 Update: Jonathan sent draft CNT1 and CNT2 to OCWG and CNACWG for review and feedback by 9/13/19.

4.17.5

Research solution for storing, archiving, and central repository for CVE Board and WG meeting minutes, recordings, as well as tracking action items.

MITRE (Lew L.)

In Process

6/12 Update: CNA SharePoint site is up (MITRE partners account is required), Handshake account is used for current meeting recordings and we are moving the archive of recordings to Amazon glacier for cold storage.   

8/21 Update: Next step is to move the recordings to the Amazon glacier for cold storage.   

6.26.2

Update Charter to reflect new interview process of board nominations and that CVE Board member can send nominations directly to the private board list. 

MITRE (Chris C.)/Kent L.

Not Started

Assigned 6/26/2019

6.26.3

Update Charter to reflect new Board nomination interview process. When a new Board member is nominated, a 30-minute interview is conducted during the next Board call.

MITRE (Chris C.)/Kent L.

Not Started

Assigned 6/26/2019

7.24.01

Develop a strategy for handling public but low-quality vulnerabilities, especially cases where the vendor or maintainer has not acknowledged the vulnerability.

MITRE

(Chris C./Jonathan E.)

In Process

9/4 Update: Outline drafted by Jonathan and is being reviewed by the team.

7.24.02

Draft language clarifying CVE charter around organizational voting. (When do we merge votes based on organizational affiliation)

MITRE (Chris C.)/Kent L.

In Process

Assigned July 24, 2019

8.21.01

Take the lead for contest open to the community to create new CVE logo.

OCWG

In Process

9/4 Update: OCWG discussed as last meeting and OCWG seeking additional guidance from the CVE Board.

8.21.02

Send email to CVE Board about CNA Summit in March 2020.

MITRE (Jo Bazar)

Completed

9/4 Update: Email sent on August 27th, and no objections with Lenovo hosting 2020 CNA summit.

8.21.03

Set up recurring status meeting with AWG and SPWG (Monthly).

MITRE (Lew Loren)

Not Started

Assigned on August 21, 2019

 

 

 

Reply | Threaded
Open this post in threaded view
|

[EXT] Re: CVE Board Agenda for Wednesday, 4 September 2019

Shannon_Sabens@trendmicro.com

My apology in advance that I have a hard stop at 3 today. Thank you.

 

From: "Bazar, Jo E." <[hidden email]>
Date: Wednesday, September 4, 2019 at 10:36 AM
To: CVE Editorial Board Discussion <[hidden email]>
Cc: "Coffin, Chris" <[hidden email]>
Subject: CVE Board Agenda for Wednesday, 4 September 2019

 

Agenda

2:00 – 2:15: Introductions, action items from the last meeting 

2:15 – 2:30: Working Groups

  • Outreach and Communications Working Group (OCWG): Shannon Sabens
  • CNA Coordination Working Group (CNACWG): Tod Beardsley
  • Quality Working Group (QWG): Chris Coffin
  • Automation Working Group (AWG): Lew Loren
  • Strategic Planning Working Group (SPWG): Kent Landfield/Chris Coffin

 

2:30 – 2:45: Root CNA Update

  • MITRE: Jonathan Evans/Jo Bazar
  • JPCERT: Jonathan Evans/Chris Coffin

 

2:45 – 3:00: CNA Summit 2020 (Updates)

3:00 – 3:55: Open Discussion  

3:55 – 4:00: Action items, wrap-up

 


#


Action Item


Responsible Party


Status


Comments

1.23.1

Assemble additional operational guidance for program participation by CNAs (e.g., webinars, instructional videos).

MITRE (Evans/Sain)

In Process

MITRE assembled a list of guidance priorities and other areas of the program; the top five priorities are listed below:

  1. How to submit entries to MITRE using the web form 
  2. CVE ID assignment rule (Counting) 
  3. Becoming a CNA
  4. CVE Program (includes Root structure)
  5. How to request the MITRE CNA populate a CVE entry

 

8/21 Update: Jonathan sent draft CNT1 and CNT2 to OCWG and CNACWG for review and feedback by 9/13/19.

4.17.5

Research solution for storing, archiving, and central repository for CVE Board and WG meeting minutes, recordings, as well as tracking action items.

MITRE (Lew L.)

In Process

6/12 Update: CNA SharePoint site is up (MITRE partners account is required), Handshake account is used for current meeting recordings and we are moving the archive of recordings to Amazon glacier for cold storage.   

8/21 Update: Next step is to move the recordings to the Amazon glacier for cold storage.   

6.26.2

Update Charter to reflect new interview process of board nominations and that CVE Board member can send nominations directly to the private board list. 

MITRE (Chris C.)/Kent L.

Not Started

Assigned 6/26/2019

6.26.3

Update Charter to reflect new Board nomination interview process. When a new Board member is nominated, a 30-minute interview is conducted during the next Board call.

MITRE (Chris C.)/Kent L.

Not Started

Assigned 6/26/2019

7.24.01

Develop a strategy for handling public but low-quality vulnerabilities, especially cases where the vendor or maintainer has not acknowledged the vulnerability.

MITRE

(Chris C./Jonathan E.)

In Process

9/4 Update: Outline drafted by Jonathan and is being reviewed by the team.

7.24.02

Draft language clarifying CVE charter around organizational voting. (When do we merge votes based on organizational affiliation)

MITRE (Chris C.)/Kent L.

In Process

Assigned July 24, 2019

8.21.01

Take the lead for contest open to the community to create new CVE logo.

OCWG

In Process

9/4 Update: OCWG discussed as last meeting and OCWG seeking additional guidance from the CVE Board.

8.21.02

Send email to CVE Board about CNA Summit in March 2020.

MITRE (Jo Bazar)

Completed

9/4 Update: Email sent on August 27th, and no objections with Lenovo hosting 2020 CNA summit.

8.21.03

Set up recurring status meeting with AWG and SPWG (Monthly).

MITRE (Lew Loren)

Not Started

Assigned on August 21, 2019

 

 

 

TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.

For details about what personal information we collect and why, please see our Privacy Notice on our website at: [ https://www.trendmicro.com/privacy] 
Reply | Threaded
Open this post in threaded view
|

Re: [EXT] Re: CVE Board Agenda for Wednesday, 4 September 2019

Kent Landfield
Too much travel during the last few weeks. Will need to miss today’s call.

Kent Landfield
+1.817.637.8026 

On Sep 4, 2019, at 12:14 PM, "[hidden email]" <[hidden email]> wrote:

My apology in advance that I have a hard stop at 3 today. Thank you.

 

From: "Bazar, Jo E." <[hidden email]>
Date: Wednesday, September 4, 2019 at 10:36 AM
To: CVE Editorial Board Discussion <[hidden email]>
Cc: "Coffin, Chris" <[hidden email]>
Subject: CVE Board Agenda for Wednesday, 4 September 2019

 

Agenda

2:00 – 2:15: Introductions, action items from the last meeting 

2:15 – 2:30: Working Groups

  • Outreach and Communications Working Group (OCWG): Shannon Sabens
  • CNA Coordination Working Group (CNACWG): Tod Beardsley
  • Quality Working Group (QWG): Chris Coffin
  • Automation Working Group (AWG): Lew Loren
  • Strategic Planning Working Group (SPWG): Kent Landfield/Chris Coffin

 

2:30 – 2:45: Root CNA Update

  • MITRE: Jonathan Evans/Jo Bazar
  • JPCERT: Jonathan Evans/Chris Coffin

 

2:45 – 3:00: CNA Summit 2020 (Updates)

3:00 – 3:55: Open Discussion  

3:55 – 4:00: Action items, wrap-up

 


#


Action Item


Responsible Party


Status


Comments

1.23.1

Assemble additional operational guidance for program participation by CNAs (e.g., webinars, instructional videos).

MITRE (Evans/Sain)

In Process

MITRE assembled a list of guidance priorities and other areas of the program; the top five priorities are listed below:

  1. How to submit entries to MITRE using the web form 
  2. CVE ID assignment rule (Counting) 
  3. Becoming a CNA
  4. CVE Program (includes Root structure)
  5. How to request the MITRE CNA populate a CVE entry

 

8/21 Update: Jonathan sent draft CNT1 and CNT2 to OCWG and CNACWG for review and feedback by 9/13/19.

4.17.5

Research solution for storing, archiving, and central repository for CVE Board and WG meeting minutes, recordings, as well as tracking action items.

MITRE (Lew L.)

In Process

6/12 Update: CNA SharePoint site is up (MITRE partners account is required), Handshake account is used for current meeting recordings and we are moving the archive of recordings to Amazon glacier for cold storage.   

8/21 Update: Next step is to move the recordings to the Amazon glacier for cold storage.   

6.26.2

Update Charter to reflect new interview process of board nominations and that CVE Board member can send nominations directly to the private board list. 

MITRE (Chris C.)/Kent L.

Not Started

Assigned 6/26/2019

6.26.3

Update Charter to reflect new Board nomination interview process. When a new Board member is nominated, a 30-minute interview is conducted during the next Board call.

MITRE (Chris C.)/Kent L.

Not Started

Assigned 6/26/2019

7.24.01

Develop a strategy for handling public but low-quality vulnerabilities, especially cases where the vendor or maintainer has not acknowledged the vulnerability.

MITRE

(Chris C./Jonathan E.)

In Process

9/4 Update: Outline drafted by Jonathan and is being reviewed by the team.

7.24.02

Draft language clarifying CVE charter around organizational voting. (When do we merge votes based on organizational affiliation)

MITRE (Chris C.)/Kent L.

In Process

Assigned July 24, 2019

8.21.01

Take the lead for contest open to the community to create new CVE logo.

OCWG

In Process

9/4 Update: OCWG discussed as last meeting and OCWG seeking additional guidance from the CVE Board.

8.21.02

Send email to CVE Board about CNA Summit in March 2020.

MITRE (Jo Bazar)

Completed

9/4 Update: Email sent on August 27th, and no objections with Lenovo hosting 2020 CNA summit.

8.21.03

Set up recurring status meeting with AWG and SPWG (Monthly).

MITRE (Lew Loren)

Not Started

Assigned on August 21, 2019

 

 

 

TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.

For details about what personal information we collect and why, please see our Privacy Notice on our website at: [ https://www.trendmicro.com/privacy]