Documentation tree

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Documentation tree

Adinolfi, Daniel R

Greetings,

 

MITRE would like the Board's feedback on our plan for providing documentation needed to support the CNA program. These documents are for the public and CNAs. They describe CVE and the CNA program and offer guidance regarding CNA operations.

 

Attached is an outline of a documentation tree. This tree shows the relationships between different documents. It also has brief descriptions of each document. This is an early draft of this documentation tree, and we will improve the appearance and clarity of the tree for public consumption. We are sharing this version with the Board to being the process of collecting your feedback.

 

Is there documentation that you feel is missing?

 

What are the top 3 documents based on priority, in your opinion?

 

Based on your feedback, we will develop a schedule for completing the initial versions of these documents. For each document, we will share an outline with the appropriate group for their discussion over a week. Once a draft is ready for review, that review period will be two weeks, and we will then have the final draft completed within two weeks of that. When the draft is finalized, it will be submitted to the Board for approval.

 

The Board will review general CVE documents themselves over the Board mailing list.

 

Documents that directly affect CNA operations will be reviewed on the cve-cna-list mailing list.

 

Documents that are related to automation will be reviewed on the Automation Working Group mailing list.

 

MITRE will maintain the document masters and act as editor. These masters will be maintained in GitHub.

 

Please let us know if you agree with this process. Our goal is to complete a number of documents over the next few months and bolster the CNA program and CVE in general.

 

Thank you.

 

-Dan

_________________________

Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: <[hidden email]>  Phone: 781-271-5774

 

 


DocumentationTreeBoard.pptx (165K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Documentation tree

Landfield, Kent B

This might be a good Board meeting presentation and discussion.  Rather have the opportunity to better understand this format and process before I comment further.

 

---

Kent Landfield

+1.817.637.8026

 

From: <[hidden email]> on behalf of "Adinolfi, Daniel R" <[hidden email]>
Date: Tuesday, January 24, 2017 at 3:48 PM
To: cve-editorial-board-list <[hidden email]>
Subject: Documentation tree

 

Greetings,

 

MITRE would like the Board's feedback on our plan for providing documentation needed to support the CNA program. These documents are for the public and CNAs. They describe CVE and the CNA program and offer guidance regarding CNA operations.

 

Attached is an outline of a documentation tree. This tree shows the relationships between different documents. It also has brief descriptions of each document. This is an early draft of this documentation tree, and we will improve the appearance and clarity of the tree for public consumption. We are sharing this version with the Board to being the process of collecting your feedback.

 

Is there documentation that you feel is missing?

 

What are the top 3 documents based on priority, in your opinion?

 

Based on your feedback, we will develop a schedule for completing the initial versions of these documents. For each document, we will share an outline with the appropriate group for their discussion over a week. Once a draft is ready for review, that review period will be two weeks, and we will then have the final draft completed within two weeks of that. When the draft is finalized, it will be submitted to the Board for approval.

 

The Board will review general CVE documents themselves over the Board mailing list.

 

Documents that directly affect CNA operations will be reviewed on the cve-cna-list mailing list.

 

Documents that are related to automation will be reviewed on the Automation Working Group mailing list.

 

MITRE will maintain the document masters and act as editor. These masters will be maintained in GitHub.

 

Please let us know if you agree with this process. Our goal is to complete a number of documents over the next few months and bolster the CNA program and CVE in general.

 

Thank you.

 

-Dan

_________________________

Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: <[hidden email]>  Phone: 781-271-5774

 

 

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Documentation tree

kseifried@redhat.com
Seems comprehensive, do the docs exist yet, or?

On Tue, Jan 24, 2017 at 4:01 PM, Landfield, Kent B <[hidden email]> wrote:

This might be a good Board meeting presentation and discussion.  Rather have the opportunity to better understand this format and process before I comment further.

 

---

Kent Landfield

<a href="tel:(817)%20637-8026" value="+18176378026" target="_blank">+1.817.637.8026

 

From: <[hidden email]> on behalf of "Adinolfi, Daniel R" <[hidden email]>
Date: Tuesday, January 24, 2017 at 3:48 PM
To: cve-editorial-board-list <[hidden email]>
Subject: Documentation tree

 

Greetings,

 

MITRE would like the Board's feedback on our plan for providing documentation needed to support the CNA program. These documents are for the public and CNAs. They describe CVE and the CNA program and offer guidance regarding CNA operations.

 

Attached is an outline of a documentation tree. This tree shows the relationships between different documents. It also has brief descriptions of each document. This is an early draft of this documentation tree, and we will improve the appearance and clarity of the tree for public consumption. We are sharing this version with the Board to being the process of collecting your feedback.

 

Is there documentation that you feel is missing?

 

What are the top 3 documents based on priority, in your opinion?

 

Based on your feedback, we will develop a schedule for completing the initial versions of these documents. For each document, we will share an outline with the appropriate group for their discussion over a week. Once a draft is ready for review, that review period will be two weeks, and we will then have the final draft completed within two weeks of that. When the draft is finalized, it will be submitted to the Board for approval.

 

The Board will review general CVE documents themselves over the Board mailing list.

 

Documents that directly affect CNA operations will be reviewed on the cve-cna-list mailing list.

 

Documents that are related to automation will be reviewed on the Automation Working Group mailing list.

 

MITRE will maintain the document masters and act as editor. These masters will be maintained in GitHub.

 

Please let us know if you agree with this process. Our goal is to complete a number of documents over the next few months and bolster the CNA program and CVE in general.

 

Thank you.

 

-Dan

_________________________

Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: <[hidden email]>  Phone: <a href="tel:(781)%20271-5774" value="+17812715774" target="_blank">781-271-5774

 

 




--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Documentation tree

Adinolfi, Daniel R

Most of the documents do not yet exist, but there are some in either draft or published form. Those in "quotes" exist, and the words in quotes are the titles.

 

Would anyone like to take a stab at prioritization of the documents? We discussed doing this at the last Board meeting.

 

Thanks.

 

-Dan

 

From: Kurt Seifried <[hidden email]>
Date: Tuesday, January 24, 2017 at 22:06
To: "Landfield, Kent B" <[hidden email]>
Cc: "Adinolfi, Daniel R" <[hidden email]>, cve-editorial-board-list <[hidden email]>
Subject: Re: Documentation tree

 

Seems comprehensive, do the docs exist yet, or?

 

On Tue, Jan 24, 2017 at 4:01 PM, Landfield, Kent B <[hidden email]> wrote:

This might be a good Board meeting presentation and discussion.  Rather have the opportunity to better understand this format and process before I comment further.

 

---

Kent Landfield

<a href="tel:(817)%20637-8026" target="_blank">+1.817.637.8026

 

From: <[hidden email]> on behalf of "Adinolfi, Daniel R" <[hidden email]>
Date: Tuesday, January 24, 2017 at 3:48 PM
To: cve-editorial-board-list <[hidden email]>
Subject: Documentation tree

 

Greetings,

 

MITRE would like the Board's feedback on our plan for providing documentation needed to support the CNA program. These documents are for the public and CNAs. They describe CVE and the CNA program and offer guidance regarding CNA operations.

 

Attached is an outline of a documentation tree. This tree shows the relationships between different documents. It also has brief descriptions of each document. This is an early draft of this documentation tree, and we will improve the appearance and clarity of the tree for public consumption. We are sharing this version with the Board to being the process of collecting your feedback.

 

Is there documentation that you feel is missing?

 

What are the top 3 documents based on priority, in your opinion?

 

Based on your feedback, we will develop a schedule for completing the initial versions of these documents. For each document, we will share an outline with the appropriate group for their discussion over a week. Once a draft is ready for review, that review period will be two weeks, and we will then have the final draft completed within two weeks of that. When the draft is finalized, it will be submitted to the Board for approval.

 

The Board will review general CVE documents themselves over the Board mailing list.

 

Documents that directly affect CNA operations will be reviewed on the cve-cna-list mailing list.

 

Documents that are related to automation will be reviewed on the Automation Working Group mailing list.

 

MITRE will maintain the document masters and act as editor. These masters will be maintained in GitHub.

 

Please let us know if you agree with this process. Our goal is to complete a number of documents over the next few months and bolster the CNA program and CVE in general.

 

Thank you.

 

-Dan

_________________________

Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: <[hidden email]>  Phone: <a href="tel:(781)%20271-5774" target="_blank">781-271-5774

 

 



 

--

 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 
[hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Documentation tree

kseifried@redhat.com
for me it's be CVE yes/no and split/merge, in other words the basic training needed to create CVEs that are generally correct. If people get that stuff right it will significantly reduce our workload.

On Tue, Feb 7, 2017 at 3:04 PM, Adinolfi, Daniel R <[hidden email]> wrote:

Most of the documents do not yet exist, but there are some in either draft or published form. Those in "quotes" exist, and the words in quotes are the titles.

 

Would anyone like to take a stab at prioritization of the documents? We discussed doing this at the last Board meeting.

 

Thanks.

 

-Dan

 

From: Kurt Seifried <[hidden email]>
Date: Tuesday, January 24, 2017 at 22:06
To: "Landfield, Kent B" <[hidden email]>
Cc: "Adinolfi, Daniel R" <[hidden email]>, cve-editorial-board-list <[hidden email]>
Subject: Re: Documentation tree

 

Seems comprehensive, do the docs exist yet, or?

 

On Tue, Jan 24, 2017 at 4:01 PM, Landfield, Kent B <[hidden email]> wrote:

This might be a good Board meeting presentation and discussion.  Rather have the opportunity to better understand this format and process before I comment further.

 

---

Kent Landfield

<a href="tel:(817)%20637-8026" target="_blank">+1.817.637.8026

 

From: <[hidden email]> on behalf of "Adinolfi, Daniel R" <[hidden email]>
Date: Tuesday, January 24, 2017 at 3:48 PM
To: cve-editorial-board-list <[hidden email]>
Subject: Documentation tree

 

Greetings,

 

MITRE would like the Board's feedback on our plan for providing documentation needed to support the CNA program. These documents are for the public and CNAs. They describe CVE and the CNA program and offer guidance regarding CNA operations.

 

Attached is an outline of a documentation tree. This tree shows the relationships between different documents. It also has brief descriptions of each document. This is an early draft of this documentation tree, and we will improve the appearance and clarity of the tree for public consumption. We are sharing this version with the Board to being the process of collecting your feedback.

 

Is there documentation that you feel is missing?

 

What are the top 3 documents based on priority, in your opinion?

 

Based on your feedback, we will develop a schedule for completing the initial versions of these documents. For each document, we will share an outline with the appropriate group for their discussion over a week. Once a draft is ready for review, that review period will be two weeks, and we will then have the final draft completed within two weeks of that. When the draft is finalized, it will be submitted to the Board for approval.

 

The Board will review general CVE documents themselves over the Board mailing list.

 

Documents that directly affect CNA operations will be reviewed on the cve-cna-list mailing list.

 

Documents that are related to automation will be reviewed on the Automation Working Group mailing list.

 

MITRE will maintain the document masters and act as editor. These masters will be maintained in GitHub.

 

Please let us know if you agree with this process. Our goal is to complete a number of documents over the next few months and bolster the CNA program and CVE in general.

 

Thank you.

 

-Dan

_________________________

Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: <[hidden email]>  Phone: <a href="tel:(781)%20271-5774" target="_blank">781-271-5774

 

 



 

--

 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 
[hidden email]




--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]
Loading...