I joined the last Board call midway through the discussion about the researcher 
advisory board/WG.  A few thoughts, even though I didn't hear the initial goals.

IMO the main goal would be to encourage researchers to use CVE, either 
themselves directly or as a part of their reporting/disclosure processes (e.g., 
remind, ask, motivate vendors to become CNAs).  Sub-goals might include 
awareness, education (how to), and problem/dispute resolution.

No concerns with creating a board or WG, I think the title of the group does 
matter some and agree we should seek a representative person or set of persons 
as chair(s).

Periodic meetings are one way, but not the only way, to do things.  Getting 
ahead a bit, I could see this group managing a git repo where researchers 
(anyone really) can file issues.  Transparency (the Program is open to 
receiving problem reports and the resolutions are published) goes a long way, 
and builds up a body of knowledge (e.g., read the closed issues before opening 
a new one).  This sort of activity doesn't have to be limited to periodic 
meetings.

Regards,

 - Art

Reply via email to