CVE Board Meeting Minutes
May 14, 2025 (2:00 p.m. – 4:00 p.m. EST)
CVE Board Attendance
☒Pete Allor, Red Hat, Inc.<https://www.redhat.com/>
☐Ken Armstrong, EWA – Canada, an Intertek
Company<https://www.intertek.com/cybersecurity/ewa-canada/>
☐Tod Beardsley, Austin Hackers Anonymous<https://takeonme.org/> (AHA!)
☒Chris Coffin (MITRE At-Large), The MITRE Corporation<https://www.mitre.org/>
☒William Cox, Black Duck Software, Inc.
☒Patrick Emsweller, Cisco Systems, Inc.<https://www.cisco.com/>
☒Jay Gazlay, Cybersecurity and Infrastructure Security Agency
(CISA)<https://www.dhs.gov/cisa/cybersecurity-division/>
☐Tim Keanini
☒Kent Landfield
☐Scott Lawler, LP3<https://lp3.com/>
☒Art Manion
☐MegaZone (CNA Board Liaison), F5, Inc.
☒Tom Millar, Cybersecurity and Infrastructure Security Agency
(CISA)<https://www.dhs.gov/cisa/cybersecurity-division/>
☒Chandan Nandakumaraiah, Palo Alto Networks<https://www.paloaltonetworks.com/>
☐Kathleen Noble, Intel Corporation<https://www.intel.com/>
☒Madison Oliver, GitHub Security Lab
☒Lisa Olson, Microsoft<https://www.microsoft.com/>
☐Shannon Sabens, CrowdStrike, Inc.<https://www.crowdstrike.com/>, Inc.
☒Christopher Turner, NIST
☐Takayuki Uchiyama, Panasonic Holdings
Corporation<https://holdings.panasonic/global/>
☒ David Waltermire
☒James “Ken” Williams, Broadcom Inc.<https://www.broadcom.com/>
CVE Secretariat Attendance
☒ Kris Britton
☒ Christine Deal
☒ Dave Morse
☒ Matt Power
☒ Bob Roberge
☒ Anthony Singleton
☒ Alec J Summers
Agenda
* Introduction
* Topics
* CVE Board Minutes: Public Version
* CNA-LR Clarification
* CVE Program Funding: Updates and discussion of next steps to secure
the CVE Program
* WG Topics: Consumer WG Update/Possible Research CNA WG
* Optional Board Working Sessions
* Review of Action Items
* Closing Remarks
New Action Items from Today’s Meeting
New Action Item
Responsible Party
CNA-LR Clarification: Schedule a follow-up session to clarify and document the
CNA-LR process.
Secretariat
Researcher CNA Working Group: Further discussion on potential formation, scope,
and objectives.
Board
Consumer Working Group: Invite proposed group lead to the next Board meeting to
present the updated charter and gather Board feedback.
Secretariat
Topics
CVE Board Minutes: Public Version
A discussion on what to include in public meeting notes was initiated. The
consensus was to list attendees but refrain from attributing specific comments
to individuals. The focus remains on maintaining transparency while providing
an atmosphere supportive of open deliberation.
________________________________
CNA-LR Clarification
The Board reviewed concerns regarding the terminology and structure of the CNA
of Last Resort (CNA-LR), noting that the “last resort” language may
misrepresent its intended role within the CNA framework.
Clarifications were discussed regarding the governance model, emphasizing that
the CNA-LR functions as the technical arm within a root structure, distinct
from governance responsibilities.
The need for clearer procedural flow and decision-making guidelines for the
role of CNA-LR was identified to prevent misunderstandings about its scope and
purpose. Further discussions are planned among Board members.
ACTION: Follow up for discussion with RH (a CNA-LR), MITRE Top-Level
Root/Secretariat, and interested Board members to discuss process, language,
and documentation to be scheduled.
________________________________
CVE Program Funding: Updates and discussion of next steps to secure the CVE
Program
Deferred to next Board meeting (May 28) because Board member who requested this
topic was not present.
________________________________
WG Topics: Consumer WG Update/Possible Research CNA WG
Updates were provided regarding the proposed Consumer Working Group, focusing
on capturing consumer pain points and identifying potential improvements to CVE
data usability. Potential deliverables discussed included identifying key
questions to guide group discussions, establishing a communication framework,
and aligning objectives with broader CVE Program goals. A recommendation was
made to invite the proposed group lead to present the group’s charter and
proposed deliverables at the next meeting for further review and feedback.
________________________________
Open Discussion
None.
Review of Action Items
Deferred.
This document includes content generated with the assistance of Microsoft Teams
Copilot, a generative AI tool. Microsoft Teams Copilot was used to generate the
initial draft of the meeting minutes and provide suggestions for summarizing
key discussion points. All AI-generated content has been reviewed and edited by
the CVE Program prior to publishing. Please report any inaccuracies or other
issues to the CVE Program.
