A public, centralized bug tracker for CVE issues researchers run into would be kinda awesome. Way easier than tracking down subtweets.
On Thu, Mar 31, 2022 at 10:41 AM Art Manion <aman...@cert.org> wrote:

> I joined the last Board call midway through the discussion about the
> researcher advisory board/WG. A few thoughts, even though I didn't hear
> the initial goals.
>
> IMO the main goal would be to encourage researchers to use CVE, either
> themselves directly or as a part of their reporting/disclosure processes
> (e.g., remind, ask, motivate vendors to become CNAs). Sub-goals might
> include awareness, education (how to), and problem/dispute resolution.
>
> No concerns with creating a board or WG, I think the title of the group
> does matter some and agree we should seek a representative person or set of
> persons as chair(s).
>
> Periodic meetings are one way, but not the only way, to do things.
> Getting ahead a bit, I could see this group managing a git repo where
> researchers (anyone really) can file issues. Transparency (the Program is
> open to receiving problem reports and the resolutions are published) goes a
> long way, and builds up a body of knowledge (e.g., read the closed issues
> before opening a new one). This sort of activity doesn't have to be
> limited to periodic meetings.
>
> Regards,
>
> - Art