REVISED: CVE Board Agenda for Wednesday, 5 February 2020

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

REVISED: CVE Board Agenda for Wednesday, 5 February 2020

Jo E Bazar


2:00 – 2:15: Introductions, action items from the last meeting 

2:15 – 2:30: CVE Global Summit – Beverly Alvarez

2:30 – 2:45 Working Groups

  • Outreach and Communications Working Group (OCWG): Shannon Sabens
  • CNA Coordination Working Group (CNACWG): Tod Beardsley
  • Quality Working Group (QWG): Chris Coffin/Dave Waltermire
  • Automation Working Group (AWG): Lew Loren
  • Strategic Planning Working Group (SPWG): Kent Landfield


2:45– 2:55: Root CNA Update

  • MITRE: Jo Bazar
  • JPCERT: Jonathan Evans/Chris Coffin


2:55 – 3:10: CNA Rules Revision Status – Jonathan Evans

3:10 – 3:25: CVE Global Summit Agenda – Tod Beardsley

3:25 – 3:45: Dispute Process – Tod Beardsley

3:45 – 3:55: Open Discussion  

3:55 – 4:00: Action items, wrap-up




Action Item

Responsible Party




Assemble additional operational guidance for program participation by CNAs (e.g., webinars, instructional videos).

MITRE (Evans)

In Process

MITRE assembled a list of guidance priorities and other areas of the program; the top five priorities are listed below:

  1. How to submit entries to MITRE using the web form (CNA Submission process)
  2. CVE ID assignment rule (Counting) – DRAFT sent for inputs to CNACWG and OCWG
  3. Becoming a CNA – DRAFT sent for inputs to CNACWG and OCWG
  4. CVE Program (includes Root structure) 
  5. How to request MITRE CNA populate a CVE entry (CNA Process)
  6. How to create a CVE Entry (CNA Entry creation)


1/8 Update: Draft videos are uploaded to YouTube and CNACWG and OCWG will provide feedback NLT January 17.

2/5/20 Update: Feedback received from CNCWG and OCWG.


Develop a strategy for handling public but low-quality vulnerabilities, especially cases where the vendor or maintainer has not acknowledged the vulnerability.


(Chris C./Jonathan E.)

In Process

9/4 Update: Outline drafted by Jonathan and is being reviewed by the CVE team.


Take the lead for contest open to the community to create new CVE logo.


In Process

9/4 Update: OCWG discussed at last meeting and is seeking additional guidance from the CVE Board.

10/16 Update: Shannon provided a list of requirements/questions for the CVE Board to consider. 

2/5/20: CVE Logo contest underway.


Update RBP threshold policy to include consequences for CNA’s with backlogs over the specific threshold.

MITRE (Jonathan E./Jo B.)

In Process

11/13 Update: RBP policy drafted and being reviewed by CVE team. Policy document will be sent to the CVE Board for review and comment.


Draft Researcher CNA Requirements for CVE Board to review and vote

Chris Coffin (MITRE)


1/22/20 Update: Draft sent to CVE Team for review and feedback. Shared on screen with Board and got some feedback. Should be ready to use once we finalize CNA requirements.

2/5/2020 Update: Chris reviewed and edited the draft language with the CVE Board at the January 22, 2020 meeting. 


Send an email reminder to CVE Board and CNA Discussion list, about the details of the CNA summit and that an Eventbrite invite has been sent.  

Jo Bazar (MITRE)


Two reminder messages sent on January 23 and 28th.


Schedule meeting with Kent, Dave and MITRE development team for February 5th and 6th.

Jo Bazar (MITRE)


Meeting scheduled for February 6th.