☒ Kris Britton
☒ Christine Deal
☒ Jonathan Evans
☒ Chris Levendis
10:35-10:55: Review of Action items (see attached excel file)
See attached Excel spreadsheet for open actions items from prior meetings (CVE Board Meeting 31Mar21– Agenda and Action items)
- Listed below are the criteria for blocker/not a blocker (as we are on a time crunch to get the new website out the door):
- If it is public today, then it is not a blocker to go forward.
–If it is not yet public and it is incorrect/untrue, it must be changed or omitted.
§Non-blockers should be addressed in time but should not block the release of other content or the site itself.
oKent provided an update on ENISA, and how the CVE Program and ENISA can work together as we move forward with vulnerability management. We hope that ENISA and the CVE Program can partner in the future, with ENISA being a Top-Level Root.
§Inside the Apache CNA, how we handle over 300 sub projects
§Responding to Hostile Security researchers - best practices
oThe Board agreed that the following additional topics could be added:
§NVD CVSS scoring (bronze/silver/gold) with Chris Turner (specifically requested by the CNACWG)
§The QWG and AWG proposed to the CVE Board, a recommendation to realign scopes of the two working groups, as there were duplicative discussions about the CVE record format that are occurring in both working groups.
oManages the CVE Record format release cycle in consultation with the AWG and SPWG and need to work out how to resource management of the GitHub repo
oManages the service development and associated service release cycle and decides when to adopt a given CVE Record format version
§The CVE Board agreed with the updated scopes for the working groups as proposed.
§The CVE Board meeting recording archives are in transition to a new platform. Once the new platform is ready, the Board recordings will be readily available to CVE Board Members. Until then, to obtain a recording of a CVE Board Meeting, please reach out to CVE Program Secretariat ().