CVE Strategy Directions

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

CVE Strategy Directions

Landfield, Kent B

The CVE Strategy Working Group was established by the CVE Board to work on strategic direction and decisions in September of 2016. Decisions made in the Strategy WG are submitted to the CVE Board as recommendations for the Board to approve.  Only Board approved recommendations are included in the document.


The attached document is the basis for creating an overall CVE Strategy whitepaper. It is a living document.  New recommendations from the working groups will be included.



Kent Landfield



From: Kurt Seifried <[hidden email]>
Date: Tuesday, January 24, 2017 at 9:06 PM
To: Kent Landfield <[hidden email]>
Cc: "Adinolfi, Daniel R" <[hidden email]>, cve-editorial-board-list <[hidden email]>
Subject: Re: Documentation tree


Seems comprehensive, do the docs exist yet, or?


On Tue, Jan 24, 2017 at 4:01 PM, Landfield, Kent B <[hidden email]> wrote:

This might be a good Board meeting presentation and discussion.  Rather have the opportunity to better understand this format and process before I comment further.



Kent Landfield

<a href="tel:(817)%20637-8026" target="_blank">+1.817.637.8026


From: <[hidden email]> on behalf of "Adinolfi, Daniel R" <[hidden email]>
Date: Tuesday, January 24, 2017 at 3:48 PM
To: cve-editorial-board-list <[hidden email]>
Subject: Documentation tree




MITRE would like the Board's feedback on our plan for providing documentation needed to support the CNA program. These documents are for the public and CNAs. They describe CVE and the CNA program and offer guidance regarding CNA operations.


Attached is an outline of a documentation tree. This tree shows the relationships between different documents. It also has brief descriptions of each document. This is an early draft of this documentation tree, and we will improve the appearance and clarity of the tree for public consumption. We are sharing this version with the Board to being the process of collecting your feedback.


Is there documentation that you feel is missing?


What are the top 3 documents based on priority, in your opinion?


Based on your feedback, we will develop a schedule for completing the initial versions of these documents. For each document, we will share an outline with the appropriate group for their discussion over a week. Once a draft is ready for review, that review period will be two weeks, and we will then have the final draft completed within two weeks of that. When the draft is finalized, it will be submitted to the Board for approval.


The Board will review general CVE documents themselves over the Board mailing list.


Documents that directly affect CNA operations will be reviewed on the cve-cna-list mailing list.


Documents that are related to automation will be reviewed on the Automation Working Group mailing list.


MITRE will maintain the document masters and act as editor. These masters will be maintained in GitHub.


Please let us know if you agree with this process. Our goal is to complete a number of documents over the next few months and bolster the CNA program and CVE in general.


Thank you.




Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: <[hidden email]>  Phone: <a href="tel:(781)%20271-5774" target="_blank">781-271-5774






Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 
[hidden email]

CVE Strategy-01-17-2017.pptx (96K) Download Attachment