Members of CVE Board in Attendance
Patrick Emsweller, Cisco Systems, Inc.
Kent Landfield, McAfee
Scott Moore, IBM
Lisa Olson, Microsoft
Kathleen Noble, Intel
Takayuki Uchiyama, Panasonic Corporation
David Waltermire, National Institute of Standards and Technology (NIST)
Ken Williams, Broadcom Inc.
Members of MITRE CVE Team in Attendance
2:15 – 3:00: Working Groups
3:00 – 2:45: Root CNA Update
§ CNA Coordination Working Group (CNACWG): Tod Beardsley
o Kicked off a survey for new meeting times for new globalized federated program. Survey results are being collected.
o Documented a CVE ID transfer process from one CNA to another.
o Quality Working Group (QWG): Dave Waltermire/Jonathan Evans
– AWG meeting was held on March 30, 2020:
§ Lew explained the 4 phases:
§ David suggested that the 90-day window starts at Phase 4.
§ Lisa Olsen explained that for her development team, a non-GitHub service will be less difficult.
§ David suggested clearly documenting the milestones: Clarify when the 90 transitions begins and when the other services (ID allocations services) are included in the plan.
§ The group agreed to further discuss and address the concerns at the April 13 AWG meeting.
– The current version of the JSON 5.0 schema is here.
§ Requirements for those changes can be determined at least one month prior to the end of the transition period, and they are not prohibitively difficult to implement; they will be incorporated into the 5.0 schema.
§ Requirements cannot be determined one month prior to the end of the transition period, or they are difficult to implement; they will be included in the 5.1 update.
§ Received three CNA requests since the last CVE Board meeting (held on 3/18/20).
§ Conducted one onboarding sessions since the last boarding meeting.
§ No CNA onboarding sessions scheduled.
§ No CNA announcement since last CVE Board meeting.
§ There are now 116 CNAs participating in the program in 21 countries
§ 87 in total CNA pipeline, 7 = Q2; 15= Q3, 15 = Q4 and 25 = Q1’20 so far
§ Four pending CNA announcements.
· 2 CNAs in process of preparing press releases.
· Draft press release received for CNA1, the press release was reviewed, feedback was provided, and a quote was provided by the CVE Board (thank you Kent).
§ CVE Website: On the CNA participants section of the CVE website, need to update MITRE to include secretariat, Root CNA and Program Root CNA roles.
Wednesday, April 15, 2020 at 2:00PM EDT
CVE_Board_Meeting_1 April 2020 FINAL.pdf (560K) Download Attachment
|Free forum by Nabble||Edit this page|