CVE Entry Quality Working Group

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

CVE Entry Quality Working Group

Coffin, Chris

Board Members,

 

The CVE team would like to judge your level of interest in establishing a CVE Entry Quality Working Group. The main focus of the group would be on improving the quality of CVE entry content. The output of the group would be best practices and guidelines on how to generate a CVE entry, and possibly propose changes to the CNA Rules. 

 

Example issues the group could cover include:

  • Should the CVSS vector be allowed in a CVE Entry description?
  • What is the best way to describe relationships between products (e.g. Product A bundles Product B)?
  • If the only public data for two different vulnerabilities would result in an identical description, what should be done?

 

Would the Board be interested in establishing the CVE Entry Quality Working Group, and are any Board members interested in stepping up to be the chair? Please respond by Friday Nov 30.

 

The CVE Team

Reply | Threaded
Open this post in threaded view
|

Re: CVE Entry Quality Working Group

Landfield, Kent

I agree. I will be happy to participate in the discussions as well.

 

Thank you, Gracias, Grazie,  谢谢, Merci!, Спасибо!, Bedankt, Danke!ありがとうधन्यवाद!

-- 

Kent Landfield

+1.817.637.8026

[hidden email]

 

 

From: David Waltermire <[hidden email]>
Date: Monday, November 26, 2018 at 9:21 AM
To: "Coffin, Chris" <[hidden email]>, CVE Editorial Board Discussion <[hidden email]>
Subject: Re: CVE Entry Quality Working Group

 

CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe.


I think establishing this WG is a great idea. I'd be happy to participate.

Regards,
Dave

-------- Original Message --------
From: "Coffin, Chris" <[hidden email]>
Date: Mon, November 26, 2018 9:32 AM -0500
To: CVE Editorial Board Discussion <[hidden email]>
Subject: CVE Entry Quality Working Group

Board Members,

 

The CVE team would like to judge your level of interest in establishing a CVE Entry Quality Working Group. The main focus of the group would be on improving the quality of CVE entry content. The output of the group would be best practices and guidelines on how to generate a CVE entry, and possibly propose changes to the CNA Rules. 

 

Example issues the group could cover include:

·         Should the CVSS vector be allowed in a CVE Entry description?

·         What is the best way to describe relationships between products (e.g. Product A bundles Product B)?

·         If the only public data for two different vulnerabilities would result in an identical description, what should be done?

 

Would the Board be interested in establishing the CVE Entry Quality Working Group, and are any Board members interested in stepping up to be the chair? Please respond by Friday Nov 30.

 

The CVE Team

Reply | Threaded
Open this post in threaded view
|

Re: CVE Entry Quality Working Group

James Williams
In reply to this post by Coffin, Chris
On Mon, Nov 26, 2018 at 8:32 AM Coffin, Chris <[hidden email]> wrote:

>
> Board Members,
>
>
>
> The CVE team would like to judge your level of interest in establishing a CVE Entry Quality Working Group. The main focus of the group would be on improving the quality of CVE entry content. The output of the group would be best practices and guidelines on how to generate a CVE entry, and possibly propose changes to the CNA Rules.
>
>
>
> Example issues the group could cover include:
>
> Should the CVSS vector be allowed in a CVE Entry description?
> What is the best way to describe relationships between products (e.g. Product A bundles Product B)?
> If the only public data for two different vulnerabilities would result in an identical description, what should be done?
>
>
>
> Would the Board be interested in establishing the CVE Entry Quality Working Group, and are any Board members interested in stepping up to be the chair? Please respond by Friday Nov 30.
>
>
>
> The CVE Team


Great idea, and I'd like to participate in this.

--
Regards,
Ken Williams
Vulnerability Response Director, Product Vulnerability Response Team
CA Technologies, A Broadcom Company, 520 Madison Av, 22nd Floor, NY NY 10022
Office: +1 631 533 7151 | Mobile: +1 816 914 4225 | [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: CVE Entry Quality Working Group

Art Manion
In reply to this post by Coffin, Chris
On 11/26/18 9:32 AM, Coffin, Chris wrote:
 
> The CVE team would like to judge your level of interest in establishing a CVE Entry Quality Working Group. The main focus of the group would be on improving the quality of CVE entry content. The output of the group would be best practices and guidelines on how to generate a CVE entry, and possibly propose changes to the CNA Rules.

+me please.

  - Art

Reply | Threaded
Open this post in threaded view
|

RE: CVE Entry Quality Working Group

uchiyama.taki

Please include me as well.

> -----Original Message-----
> From: Art Manion <[hidden email]>
> Sent: Thursday, November 29, 2018 5:21 AM
> To: Coffin, Chris <[hidden email]>; CVE Editorial Board Discussion <[hidden email]>
> Subject: Re: CVE Entry Quality Working Group
>
> On 11/26/18 9:32 AM, Coffin, Chris wrote:
>
> > The CVE team would like to judge your level of interest in establishing a CVE Entry Quality Working Group. The main
> focus of the group would be on improving the quality of CVE entry content. The output of the group would be best
> practices and guidelines on how to generate a CVE entry, and possibly propose changes to the CNA Rules.
>
> +me please.
>
>   - Art