|
Members of CVE Board in Attendance
Members of MITRE CVE Team in Attendance
Christine Deal
Jonathan Evans
Chris Levendis
3:35 - 3:40: Schedule interview for nomination
3:55 – 4:00: Action items, wrap-up
|
3.18.02
|
QWG develop a definition for the EOL tagging for presentation to the CVE Board. Once defined, the next step is to document the entire process.
|
Lisa Olson/Jonathan E. (MITRE)
|
Completed
|
|
3.18.04
|
Develop write up to send to the CNAs via the CNA mailing list to get their feedback on JSON 5.0 90-day transition.
|
Lew L. (MITRE)
|
Completed
|
4/29 Update: AWG meeting held on 4/13 where the transition schedule was presented and meeting notes were sent to the various email lists (AWG, SPWG, QWG and CNA).
|
-
October virtual summit needs to be scheduled and planning needs to begin soon. The group agreed Wednesday, October 14 would be a good date for the virtual summit.
-
Discussed how to support unofficial JSON fields that are being used in some of the CVE records; we would like to come up with formal extension mechanisms, developing use case examples to help with building requirements.
-
Also discussed CWE usage with CNAs; NVD uses slice 1003, and we want to get a better understanding of how CNAs are making use of CWE and have a larger conversation with the CWE team. David would like to have CWE representation at a future QWG meeting.
-
At the AWG meeting scheduled for April 30, we will discuss NVD reference types and end of life tagging; Chris Turner will be giving an overview.
§AWG meetings moved to every Tuesday at 4:00pm ET so the SPWG meeting can occur first on Monday for post sprint reviews and pre-sprint discussions.
§Posting on GitHub: All the pre-sprint analysis, post sprint analysis, and other AWG artifacts will be available for AWG members to review and reference.
§CVE Web form updates reflect 40% of CVE information coming to the program. We need a clear plan for existing CNAs so they can migrate their functionality and encourage them to use JSON format, instead of CVE webform.
§Received two CNA requests since the last CVE Board meeting (held on 4/15/20).
§There are now 120 CNAs participating in the program in 21 countries
§96 in total CNA pipeline: 16 in Q3'19; 17 in Q4’19; 24 in Q1’20 and 7 in Q2’20
–CNA missing disclosure policies and/or advisory locations underway
§We have emailed CNAs that are missing disclosures policies and/or advisory locations. We have received 8 responses so far and around 18 are missing one of the two requirements.
Schedule interview for nomination
§Jay Gazlay was nominated on Monday, April 27, 2020. Chris Levendis suggested the interview be at the next CVE Board meeting on May 13, 2020.
-
The interview will be first item on agenda, the interview will be 30 minutes and a 30-minute post interview discussion will follow.
-
There will be little time for the working groups; therefore, the CVE Board has requested that the Working Group chairs send their status updates to the Private Board list before the May 13
th
meeting, so Board members can review ahead of time and can ask questions if needed.
Open Source Fuzzing – David Waltermire
|