CVE Board Meeting Notes

October 11, 2023 (2:00 pm – 4:00 pm EDT)

·       2:00-2:05        Introduction

·       2:05-3:25        Topics

           *   Voting: Multiple Members from Same Organization
           *   Fall Virtual Workshop Agenda
           *   Board Meeting Survey Results

·       3:25-3:35        Open Discussion

·       3:35-3:55        Review of Action Items

·       3:55-4:00        Closing Remarks
New Action Items from October 11 Meeting
New Action Item
Responsible Party
Send email to the Board list to vote on whether to keep the rule “one 
organization, one vote” for Board members. Allow one to two weeks for 
discussion before the voting period begins.
Send email to the Board list to summarize the ADP container issue so that 
members can weigh in on the topic prior to the initiation of a vote.
Voting: Multiple Members from Same Organization

  *   Recently, a couple of Board members brought up that the rule of “one 
organization, one vote” may not be needed. This rule was put into place to 
minimize undue influence from a particular organization(s) with multiple 
  *   Current rules allow for an exception on a case-by-case basis (only used 
once). What do Board members think about the rule and whether it should be 
changed? A sample of comments are below:
     *   An employment change may effectively eliminate a member’s vote.
     *   There have been very few close votes, so there are not many instances 
where this rule has even come into play. Keep rule as is or eliminate.
     *   Maybe reverse the rule so every member gets a vote, but an exception 
can be made in cases where there is the possibility of undue influence.
     *   I like the rule as written. Continue to allow exceptions as needed.
     *   Serves as a healthy constraint against too much influence.
     *   Consider a cut off, say 3 or 4 members from the same organization, 
after which no more votes.
     *   If it is not broken, do not fix it.
  *   Discussion and an informal vote indicated an approximate 50/50 split 
between keeping as is and eliminating/modifying the rule. The Secretariat will 
send an email summarizing the issue to the Board list to initiate an online 
discussion before an official vote (action item). One to two weeks will be 
allowed for discussion before the voting period begins.
  *   It was noted that the CNACWG Chair is always a voting member, regardless 
of organization affiliation.
Fall Virtual Workshop Agenda

  *   The draft agenda for the November 15 virtual-only workshop was presented. 
Let the Secretariat know if you have comments or additions.
  *   CVE Services will be a topic (e.g., download capability, deprecation 
date), but a deep dive with demos will be scheduled for a later date.
  *   The workshop will include a panel discussion with CNAs sharing their JSON 
5 experiences. One CNA has tentatively agreed to participate, and others will 
be recruited.
  *   Participants will be asked what changes they want in future CVE Record 
schema updates.
  *   Corpus hygiene will be a topic and include, for example, the importance 
of cleaning up RBPs, and not accidentally deleting references. Will also 
include link rot discussion.
Board Meeting Survey Results

  *   Most respondents think the meetings are useful. There was discussion 
about ways to encourage more involvement in Board discussions. Comments 
     *   Strike a balance; sometimes there are too many voices.
     *   Moderator can cut off anyone monopolizing the discussion.
     *   Use the “raise your hand” feature more often to provide members less 
inclined to speak to have a way to share their opinion.
     *   Consider calling on members who haven’t provided input in a while.
  *   A large majority (88%) of respondents think the two-hour meeting duration 
is the right amount.
  *   A large majority (94%) of respondents think the meeting tempo (every two 
weeks) is good.
  *   A slight majority disagree with the statement “I like having staggered 
meeting times.” Last survey, the results were reversed; a slight majority 
agreed with the statement. Hard to find a good answer that will please everyone.
  *   Under the open-ended question “how can we improve the board meetings” a 
suggestion was made to reach out to other cybersecurity organizations for 
collaboration and guest participation at the meetings. An offline meeting will 
be scheduled by the Secretariat to further discuss next steps to make this 
suggestion actionable. A comment was made to also consider inviting CNAs to 
Open Discussion
There is not yet a consensus around how to implement ADPs in production. The 
Secretariat will summarize this issue and send it out in an email to the Board 
list for discussion (action item).
Review of Action Items
Out of time.
Next CVE Board Meetings

·       Wednesday, October 25, 2023, 9:00am – 11:00am (EDT)

·       Wednesday, November 8, 2023, 2:00pm – 4:00pm (EST)

·       Wednesday, November 22, 2023, 9:00am – 11:00am (EST)

·       Wednesday, December 6, 2:00pm – 4:00pm (EST)

·       Wednesday, December 20, 2023, 9:00am – 11:00am (EST)

·       Wednesday, January 3, 2024, 2:00pm – 4:00pm (EST)
Discussion Topics for Future Meetings

·       Sneak peek/review of annual report template SPWG is working on

·       Bulk download response from community about Reserved IDs

·       Finalize 2023 CVE Program priorities

·       CVE Services updates and website transition progress (as needed)

·       Working Group updates (every other meeting)

·       Council of Roots update (every other meeting)

·       Researcher Working Group proposal for Board review

·       Vision Paper and Annual Report

·       Secretariat review of all CNA scope statements

·       Proposed vote to allow CNAs to assign for insecure default 

·       CVE Communications Strategy

Reply via email to