The CVE Board met via teleconference on 16 November 2016.
Board members in attendance were:
Andy Balinsky (Cisco)
Harold Booth (NIST)
Scott Lawler (LP3)
Art Manion (CERT-CC)
Kurt Seifried (Red Hat/DWF)
Members of the MITRE CVE Team who attended the call are as follows:
2:00 – 2:05: Introductions, action items from the last meeting – Chris Coffin
2:05 – 2:10: CVE Strategic Planning Working Group Update – Kent Landfield
2:10 – 2:40: DWF Update – Kurt Seifried
2:40 – 3:00: Automation Working Group - Kurt Seifried and Harold Booth
3:00 – 3:30: CNA Summit review - Dan Adinolfi
3:30 – 3:55: Open discussion – CVE Board
3:55 – 4:00: Action items, wrap-up – Chris Coffin
The meeting began with a review of the action items from the previous Board meeting. The two action items were the creation of a mailing list for the Automation Working Group, which was created, and a list
of action items from the CNA Summit, which is under development.
CVE Strategic Planning Working Group Update
The Strategic Planning Working Group met informally at the CNA Summit, but no new business was discussed. The next meeting is scheduled for the week of November 21.
The DWF is continuing to work through their requests and improve the processing of those requests. The team is working on methods for validating request data in a more automated fashion.
The idea of the creation of a mentor program within DWF was also discussed. This program would connect those new to CVE assignment with more experienced mentors associated with the DWF and CVE. The details
of such a program are still under development, but there was interest in the idea.
Automation Working Group
The Automation Working Group update included a continuation of the discussion concerning the need for data validation for CVE submissions. Also, a mailing list ([hidden email]) has been
established for the Working Group, and the list will be populated by those interested in participating.
CNA Summit Review
The CNA Summit (8-9 November 2016 at the NCCoE facility in Gaithersburg, MD) was well attended, with approximately 25 attendees in person and 5 attendees online. Using presentations as starting points, there
was a great deal of discussion among the CNAs regarding CVE theory and practice. A list of action items coming out of the meeting will be shared with the community. One of those action items is to hold another CNA Summit in 6-8 months to continue promoting
collaboration across the CNA community.
CNA list issue with implementing new CNA rules based on Independently fixable and protocol level issues.
Share action items coming out of the CNA Summit.
Check to see if CVE can have a meeting during RSA conference.
Query the CNA and Board mailing lists asking who would like to participate in the new Automation Working Group.
The next Board Meeting will be held on November 30th.