CVE Board Meeting Summary - 8 July 2020



Members of MITRE CVE Team in Attendance

Christine Deal

Jonathan Evans

Chris Levendis

3:55 – 4:00: Action items, wrap-up

5.13.02

Take the lead in developing a proposal on the approach for an automated vulnerability identification workshop, including an initial target participant list, and report back at the next CVE Board Meeting.

Kent L.

In progress

6.10.01

Contact RCNA1 to see if they are comfortable sharing their draft Dispute/Escalation policy with the SPWG (and receiving feedback)

Jo Bazar (MITRE)

In Progress

6/24 Update: Dispute policy still in draft.

6.24.04

Send a message to all the CVE Board members to see if they want to continue being on the CVE Board.

Chris L. (MITRE)

Not Started

Assigned on 6/24/2020.

        • Tod Beardsley (Rapid7) has offered to provide the next Blog post, to be published in August. Lisa Olson (Microsoft) also offered to provide a Blog post, to be published September 1.
        • Thu Tran (MITRE) provided an overview of the CVE website mockups and obtained feedback from the group. The OCWG recommended ensuring the CVE website integrates with mobile phones and advertising the "Becoming a CNA" information.
        • Next step is to adjudicate comments made during the meeting and present an updated draft at the next meeting.

§ Planning continues for the CVE Global Virtual Summit for October 19, 2020.

§ The next CNACWG meetings are July 15 and 16. The US and Euro meetings will be held on July 15 and the Asia meeting will be held on July 16.

§ Developing guidelines for proposing new official tags

§ Wants to use the User Registry Service to support storage of CNA-defined tags; however, the User Registry Service will not support this feature in the MVP.

§ The opinion on the call was that we can wait until Phase 2 to add CNA-defined tagging.

§ New topics brought up for later discussion

§ Authentication and User Registry: Provides authentication and permissions that will control who has access to features and information that are not publicly available

§ ID Reservation: Self-service allowing CNAs to get either an arbitrary number of non-sequential IDs, or a block of sequential IDs

§ Entry Submission and Upload Service (ESUS): Replace the GitHub submission service so that CNAs can submit CVE information directly to the database, without the need for manual review

§ New Website: Replace existing website with a contemporary technology stack and improved organization and utility

§ Received six CNA requests since the last CVE Board meeting (held on June 24).

CNAs missing disclosure policies and/or advisory locations (as required based on CNA rules 3.0)

§ We have emailed the 20 CNAs with missing disclosure policies and/or advisory locations; we have received the requested information from 13 CNAs, and 7 remain outstanding.

  • We will be speaking with another candidate vendor soon. Currently fixing the schedule for the meeting. Regarding the CNA on-boarding slides translation, we have not yet started the voice-over process. We will let you know once the plan is set.
    • Domain Name: The CVE Program attempted to make a certified offer to purchase the domain name "cve.org" but the registrar was unable to contact the owner; the CVE Program is working with MITRE Legal to begin the domain name dispute process.
    • CVE Logo: The new CVE logo trademark has a common law in place (i.e., we can use the logo before it completes the trademark process). However, there is a slight risk if the Patent and Trademark Office (PTO) discovers any issues with the new logo (e.g., if the new CVE logo design is already in use). If so, a new CVE logo would need to be selected.

Other discussion items:



