NOTE: The CVE Board Strategic Planning Working Group is conducting a Face to Face meeting in Gaithersburg, Maryland this week and as a result, the CVE Board meeting for
June 27 was limited to updates from the Face to Face meeting and announcements from Board members.
Board Members in Attendance:
Kent Landfield (McAfee)
Scott Moore (IBM)
Kurt Seifried (RedHat)
David Waltermire (NIST)
Members of MITRE CVE Team in Attendance:
Updates and Announcements
The Strategic Planning Working Group is making good progress on CVE Roles and Services. The plan is to have one or two
priority services ready to pass onto the Automation Working Group to start building requirements and then to begin development.
The CVE Team met with the Cloud Security Alliance last week, and CSA is interested in being more involved in CVE and perhaps
becoming a CNA at some point. We did inform them that vulnerabilities in cloud services do not currently meet our inclusion criteria, but that we are having discussions around these types of issues and that these discussions will continue. CSA stated that
they would step up and create a working group that they would like MITRE to be involved with. They have a large user base and many vendors with whom they are interacting. The goal of the working group is to gauge the appetite for CVEs for cloud-based services,
what the parameters around them would be, and will there be vendor buy-in. CSA is willing to do the work, and they would like to have the CVE Board and MITRE as active participants.
Kurt Seifried’s last day at Red Hat is Saturday, June 30. He will be transitioning to Cloud Security Alliance. He will
also be continuing the work with DWF.
There will be an interview session with Lisa Olson (Microsoft) as part of the Board nomination process, scheduled for
Naver, a South Korean internet services provider, is now a CNA.
MITRE to change Kurt Seifried’s organizational affiliation on the CVE web site from Red Hat to Cloud Security Alliance
on July 2.