Tod Beardsley, Rapid7
Chris Coffin, The MITRE Corporation (MITRE At-Large)
Patrick Emsweller, Cisco Systems, Inc.
Kent Landfield, McAfee
Scott Lawler, LP3
Scott Moore, IBM
Kathleen Noble, Intel Corporation
Lisa Olson, Microsoft
Shannon Sabens, Trend Micro/Zero Day Initiative (ZDI)
Takayuki Uchiyama, Panasonic Corporation
David Waltermire, National Institute of Standards and Technology (NIST)
Members of MITRE CVE Team in Attendance
2:15 – 3:00: Working Groups
3:00 – 3:30: Root CNA Update
3:50– 3:55: Open Discussion
3:55 – 4:00: Action items, wrap-up
§ Thu is presenting the CVE Website mockup on June 26 for OCWG feedback.
§ Podcast on relationship and differences between NIST NVD and CVE has been delayed; however, podcast topRCNA1 have been reprioritized to have the CNA Success stories podcast be first.
§ ZDI Blog posted on CVE website and ZDI website on June 22.
§ The next OCWG meeting is on June 26.
§ Euro and Asia meetings are taking off, with each meeting having at least two attendees.
§ Draft agenda for virtual CVE Global summit sent on June 24 to the CVE Board for review and feedback.
§ CNA Rules changes: Trivial rules changes do not need a vote; changes that impact the normal workflow of a CNA require a vote, with six month lead time for implementation.
§ The next CNACWG meetings are July 1 and 2. US and Euro meetings will be held on July 1 and Asia meeting will be held on July 2.
§ Quality Working Group (QWG): Dave Waltermire/Jonathan Evans
§ Finalizing the operations bounds around tagging a CVE
– There are 3 tag types: Container tags, reference tags and tags that appear in descriptions.
– QWG will host a tag proposal meeting and serve as a gatekeeper; recommendations will be presented to the CVE board.
§ The next QWG meeting is June 25.
§ AWG charter is in the process of being finalized.
§ The next AWG meetings are June 30 and July 7.
§ EOL document sent for review and comment, feedback due NLT July 1
§ CVE domain acquisition process is underway; MITRE extended offer for CVE.org.
§ Suggestion was made for another mailing list that includes all CVE Board members and CNAs, ADPS, etc., to make getting feedback from the community easier.
§ CVE Definition list is underway. Dave and Katie have taken the lead with reviewing and editing the document.
§ SPWG charter was approved and was posted to the CVE website on June 15.
§ The next SPWG meetings are June 29 and July 6.
§ Received five CNA requests since the last CVE Board meeting (held on June 10).
§ Four onboarding sessions since the last CVE Board meeting:
§ One CNA onboarding sessions scheduled in June.
§ One CNA announcement since last CVE Board meeting: openEuler
§ There are now 129 CNAs participating in the program in 21 countries
§ 110 in total CNA pipeline: 15 in Q3’19; 16 in Q4’19; 23 in Q1’20 and 20 in Q2’20
– CNAs missing disclosure policies and/or advisory locations (as required based on CNA rules 3.0)
§ We have emailed the 20 CNAs with missing disclosures policies and/or advisory locations; we have received the requested information from 13 CNAs, and 7 remain outstanding.
§ JPCERT - Jonathan Evans
– CNA Status Updates June 24:
§ Recommendation for Council of Working Chairs - Chris Levendis
Wednesday, July 8, 2020 at 2:00PM EDT
Other discussions items:
CVE_Board_Meeting_24June 2020 FINAL.pdf (538K) Download Attachment
|Free forum by Nabble||Edit this page|