The CVE Board met via teleconference on 2 November 2016.
Board members in attendance were:
Harold Booth (NIST)
Kent Landfield (Intel)
Art Manion (CERT-CC)
Kurt Seifried (Red Hat/DWF)
David Waltermire (NIST)
Members of the MITRE CVE Team who attended the call are as follows:
2:00 – 2:05: Introductions, action items from the last meeting – Chris Coffin
2:05 – 2:10: CVE Strategic Planning Working Group Update – Kent Landfield
2:10 – 2:40: DWF Update – Kurt Seifried
2:40 – 2:50: Automation Working Group - Kurt Seifried and Harold Booth
2:50 – 3:10: Board Membership - Daniel Adinolfi
3:10 – 3:40: CNA Summit Planning - Kent Landfield and Dave Waltermire
3:40 – 3:55: Open discussion – CVE Board
3:55 – 4:00: Action items, wrap-up – Chris Coffin
The Board began by reviewing the action items from the 19 October Board meeting. MITRE shared the current draft of a CVE 101 slide deck. The deck is a starting point for developing presentations to educate
the public about CVE.
Also, the Board acknowledged the receipt of a new JSON schema for use within DWF. The Automation Working Group reported that they have a brief written to summarize their plans (see below).
CVE Strategic Planning Working Group Update
The Strategic Planning Working Group did not meet since the last Board meeting. Researchers as CNAs is an issue that the WG would like to continue considering before any new researcher CNAs are on-boarded.
The DWF has been working on cleaning up recent submissions, having cleaned up approximately 90 entries at the time of the Board meeting. The DWF is considering how to communicate with disclosers using the
DWF and if researchers should be sub-CNAs of the DWF. Most of the discussion about the DWF was tabled until the CNA Summit scheduled for the following week.
Automation Working Group
The Automation Working Group presented a brief on their agenda. The brief explained their purpose is to create a sharing model for CVE based on an open format. The WG plans to work within a small group and
iterate on creating a workable format that will leverage existing work to the extent possible.
CVE received word that one member would like to nominate a new Board member before they themselves step down from the Board. The Board will follow the process described in the Board Charter and watch for
CNA Summit Planning
The CNA Summit was discussed. Fifteen CNAs had responded that they would attend at the time of the Board meeting. The agenda had been posted and the event was highly anticipated.
JPCERT/CC will be asked if any of their staff would be interested in joining the CVE Board due to their experience and knowledge regarding CVE operations.
MITRE will create and populate an Automation Working Group mailing list.
The Board will offer feedback on NIST’s Vulnerability Description Ontology document.
The next Board Meeting will be held on November 16th.