Members of MITRE CVE Team in Attendance
9:05- 9:30: Review agenda items and prioritize
9:30-10:45: Open Discussion items (based on prioritization on the Board)
See attached excel spreadsheet (CVE Board Meeting 30Sept20 - Action items)
ICS Root status updates and regular check-ins should be scheduled and/or reported to the CVE Board. The CVE Board discussed what is required to keep the Board informed of operational needs for the new ICS Root. The group agreed to schedule a meeting a month from now with both CISA ICS and JPCERT to check in and see how these things are working.
The CVE Board discussed in a prior meeting about keeping the voting open during the voting period, and to not close the voting early even if a majority was reached. Keeping the voting open allowed more time for international board members to cast their vote. The group discussed the pros and cons of keeping the voting open.
The group agreed to keep the voting open even if the majority has been reached. The Secretariat will report out on the voting results when the majority is reached and will emphasize in the email that the votes can still be cast during the open voting period.
The group discussed if CVE Board charter updates should be as needed, or on a cycle. The group agreed that frequency of the updates depends on the importance of the issue. For example, changes to the voting process would warrant a charter update immediately. However, minor issues can wait until there are enough changes to warrant a charter update.
- Automation planning - current status and future projects, what about a project plan?
The CVE Board discussed the need for a project plan for the services being developed by the AWG. The community is unclear what the delivery times are and setting community expectations about when these services will be delivered is of interest to the CVE Community. The CVE Board was informed that in the last AWG meeting, the process for developing a project plan has been initiated; the plan will also identify any risk and issues.
The group discussed the need for working group activities to be available and easily accessible to CVE Board members and more transparent to the public. WG status updates are being provided to the CVE Board monthly, but the CVE Community is unaware of the all the activities in the working groups. For some working groups, like the AWG, users can go out on GitHub and view open sourcing coding projects underway. However, other working groups are more strategic and the topics under discussion are not open to the public, only the final artifacts (e.g., EOL Policy).
The suggestion was made that WG chairs get together and figure out the appropriate level of transparency. The group agreed to discuss this topic at the next CVE Board meeting.
Agenda items for next meeting on 10/14/2020:
The group reviewed the OCWG Podcast plan and agree with the goals and objectives of the plan.
§Working Group Topics to be discussed 1) Working Group Transparency 2) Determine WG artifact storage and artifacts that are in the sausage making process 3) Clarify roles and responsibilities between the Working Groups 4) How can we get better WG updates
§Should the Board require working groups to rotate their meeting schedules to garner better international participation?
§How to address community concerns / perception of the speed that CVE requests are being addressed
§The CVE Board meeting recordings archives are in transition to a new platform. Once the new platform is ready, the board recordings will be readily available to CVE Board Members. Until then, to obtain a recording of a CVE Board Meeting, please reach out to Jo Bazar ().