CVE Strategy Directions

["Landfield, Kent B" < kent.b.landfield@intel.com >]

The CVE Strategy Working Group was established by the CVE Board to work on strategic direction and decisions in September of 2016. Decisions made in the Strategy WG are submitted to the CVE Board as recommendations for the Board to approve.  Only Board approved recommendations are included in the document.

The attached document is the basis for creating an overall CVE Strategy whitepaper. It is a living document.  New recommendations from the working groups will be included.

---

Kent Landfield

+1.817.637.8026

From: Kurt Seifried <kseifried@redhat.com>
Date: Tuesday, January 24, 2017 at 9:06 PM
To: Kent Landfield <kent.b.landfield@intel.com>
Cc: "Adinolfi, Daniel R" <dadinolfi@mitre.org>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: Re: Documentation tree

Seems comprehensive, do the docs exist yet, or?

On Tue, Jan 24, 2017 at 4:01 PM, Landfield, Kent B < kent.b.landfield@intel.com > wrote:

This might be a good Board meeting presentation and discussion.  Rather have the opportunity to better understand this format and process before I comment further.

 

---

Kent Landfield

+1.817.637.8026

 

From: < owner-cve-editorial-board-list@lists.mitre.org > on behalf of "Adinolfi, Daniel R" < dadinolfi@mitre.org >
Date: Tuesday, January 24, 2017 at 3:48 PM
To: cve-editorial-board-list < cve-editorial-board-list@lists.mitre.org >
Subject: Documentation tree

 

Greetings,

 

MITRE would like the Board's feedback on our plan for providing documentation needed to support the CNA program. These documents are for the public and CNAs. They describe CVE and the CNA program and offer guidance regarding CNA operations.

 

Attached is an outline of a documentation tree. This tree shows the relationships between different documents. It also has brief descriptions of each document. This is an early draft of this documentation tree, and we will improve the appearance and clarity of the tree for public consumption. We are sharing this version with the Board to being the process of collecting your feedback.

 

Is there documentation that you feel is missing?

 

What are the top 3 documents based on priority, in your opinion?

 

Based on your feedback, we will develop a schedule for completing the initial versions of these documents. For each document, we will share an outline with the appropriate group for their discussion over a week. Once a draft is ready for review, that review period will be two weeks, and we will then have the final draft completed within two weeks of that. When the draft is finalized, it will be submitted to the Board for approval.

 

The Board will review general CVE documents themselves over the Board mailing list.

 

Documents that directly affect CNA operations will be reviewed on the cve-cna-list mailing list.

 

Documents that are related to automation will be reviewed on the Automation Working Group mailing list.

 

MITRE will maintain the document masters and act as editor. These masters will be maintained in GitHub.

 

Please let us know if you agree with this process. Our goal is to complete a number of documents over the next few months and bolster the CNA program and CVE in general.

 

Thank you.

 

-Dan

_________________________

Daniel Adinolfi, CISSP

Lead Cybersecurity Engineer, The MITRE Corporation

CVE Communications and CNA Coordinator

Email: < dadinolfi@mitre.org >  Phone: 781-271-5774

 

 

--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact:  secalert@redhat.com

Attachment: CVE Strategy-01-17-2017.pptx
Description: CVE Strategy-01-17-2017.pptx