The CNA Summit Agenda looks reasonable. As long as the government is still open, Dave and I will present the CVE Federation Philosophy and moderate the discussions. Personally I think we need to include the backup session in the overall agenda. Some of it will be touched on in the muti-vendor discussions. Seems like the type of topic discussions that this set of participants could add real value to. (Also corrected your numbering below… ;-)
Thank you, Gracias, Grazie, 谢谢, Merci!, Спасибо!, Danke!, ありがとう, धन्यवाद!
The following is a list of topics for the CVE CNA Summit, which is being held on February 13 – 14, 2018 at the MITRE McLean, VA campus. Please review it, and if you additional topics that you would like to see covered, please respond to this email with your suggestions and comments. A separate email with instructions for attending, directions to the MITRE McLean site, and accommodations in the area will be forthcoming soon.
Thank you for your participation and support; we are looking forward to hearing from you!
The MITRE CVE Team
o Current status of the federated CVE program
o Problems and challenges that we face today
o How do we transition to the future?
o Who can update the entries,
o What they can update,
o And under what conditions.
o Should anything that could be considered hardware be included? For example, can an ID be assigned to a flaw in a lock or safe? Can the term be limited in a reasonable way, such as computer hardware or digital hardware?
o Should physical attacks be considered a vulnerability, e.g. is it a vulnerability if I can throw a thermal blanket of an infrared detector?
Workshop - CVE and Supply Chain Relationships: How vulnerabilities flow down to other products
|Free forum by Nabble||Edit this page|