CVE Pilot Approach

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

CVE Pilot Approach

Joe Sain

Yesterday, we described to you a plan to test a pilot approach that addresses the rapid-response security researcher use case. A number of concerns with the proposed syntax were raised, and we heard them clearly. As a result of your feedback, we will not move forward with a public announcement of the pilot plan, which we are putting on indefinite hold.

 

The pilot described yesterday was designed to run in parallel and to be completely separate from the production CVE stream, but we certainly understand the importance of not perturbing any operating aspect of CVE. Our goal is to be responsive to the critical need for the no-description use case, but we must also ensure that we have the correct operating model.

 

We would like to hold an Editorial Board meeting next week to discuss approaches to addressing the security researcher use case as well as any other issues or concerns that the Board may have. We want to be certain that every Board member has the opportunity to voice their opinions, concerns, and ideas. An agenda will be forthcoming.

 

We truly appreciate your feedback, and we are looking forward to developing an operating model that enables CVE to move forward and that preserves the foundational work that the community has put into the effort.

 

Regards,

 

Joe Sain

CVE Communications and Adoption Lead

The MITRE Corporation

 

Reply | Threaded
Open this post in threaded view
|

Re: CVE Pilot Approach

Landfield, Kent B
Thank you.

As for a meeting next week….  I am totally booked Monday thru Wednesday and only available Thursday morning and all day Friday.
---
Kent Landfield
+1.817.637.8026

From: <[hidden email]<mailto:[hidden email]>> on behalf of "Sain, Joe" <[hidden email]<mailto:[hidden email]>>
Date: Friday, March 18, 2016 at 9:50 AM
To: cve-editorial-board-list <[hidden email]<mailto:[hidden email]>>
Subject: CVE Pilot Approach

Yesterday, we described to you a plan to test a pilot approach that addresses the rapid-response security researcher use case. A number of concerns with the proposed syntax were raised, and we heard them clearly. As a result of your feedback, we will not move forward with a public announcement of the pilot plan, which we are putting on indefinite hold.

The pilot described yesterday was designed to run in parallel and to be completely separate from the production CVE stream, but we certainly understand the importance of not perturbing any operating aspect of CVE. Our goal is to be responsive to the critical need for the no-description use case, but we must also ensure that we have the correct operating model.

We would like to hold an Editorial Board meeting next week to discuss approaches to addressing the security researcher use case as well as any other issues or concerns that the Board may have. We want to be certain that every Board member has the opportunity to voice their opinions, concerns, and ideas. An agenda will be forthcoming.

We truly appreciate your feedback, and we are looking forward to developing an operating model that enables CVE to move forward and that preserves the foundational work that the community has put into the effort.

Regards,

Joe Sain
CVE Communications and Adoption Lead
The MITRE Corporation