So glad to hear this feedback, Chris! Understood on the meeting challenge. It was also pointed out that Wednesday is a US federal holiday. Apologies for overlooking that. Full disclosure, I am trying to navigate a lot of competing calendars, and the position of Wednesday afternoons mid-month tick most of the boxes (e.g., west coast timezone sensitivity, avoiding bi-weekly CVE Board meetings, etc.).
I will send out a new poll with our monthly meetings starting in July. Cheers, Alec -- Alec J. Summers Cyber Security Engineer, Principal Group Lead, Cybersecurity Operations and Integration Center for Securing the Homeland (CSH) –––––––––––––––––––––––––––––––––––– MITRE - Solving Problems for a Safer World™ From: Chris Eng <c...@veracode.com> Date: Monday, June 17, 2024 at 10:45 AM To: Alec J Summers <asumm...@mitre.org>, Oberg, Jason <ja...@cycuity.com> Cc: CWE CAPEC Board <cwe-capec-board-list@mitre.org> Subject: RE: [EXT] Re: CWE Usability Work I really like the mapping guidance – not sure how long these have been in place without me noticing, but I got a question about it at work the other day and it led to a good conversation. Looks like I can’t make the meeting this month – I only I really like the mapping guidance – not sure how long these have been in place without me noticing, but I got a question about it at work the other day and it led to a good conversation. [cid:image001.png@01DAC0A3.6CF0E5E0] Looks like I can’t make the meeting this month – I only saw 3 options listed and they were all during roughly the same timeframe. From: Alec J Summers <asumm...@mitre.org> Sent: Monday, June 17, 2024 7:52 AM To: Oberg, Jason <ja...@cycuity.com> Cc: CWE CAPEC Board <cwe-capec-board-list@mitre.org> Subject: [EXTERNAL] Re: [EXT] Re: CWE Usability Work External Message Disclaimer This message originated from an external source. Please use proper judgment and caution when opening attachments, clicking links, or responding to this email. ________________________________ Thanks, Jason. Appreciate the feedback. As a reminder, here is a doodle poll for determining a monthly 1hr Board meeting series: https://doodle.com/meeting/participate/id/bqMqLG2b Cheers, Alec -- Alec J. Summers Cyber Security Engineer, Principal Group Lead, Cybersecurity Operations and Integration Center for Securing the Homeland (CSH) –––––––––––––––––––––––––––––––––––– MITRE - Solving Problems for a Safer World™ From: Jason Oberg <ja...@cycuity.com<mailto:ja...@cycuity.com>> Date: Friday, June 14, 2024 at 4:48 PM To: Alec J Summers <asumm...@mitre.org<mailto:asumm...@mitre.org>> Cc: CWE CAPEC Board <cwe-capec-board-list@mitre.org<mailto:cwe-capec-board-list@mitre.org>> Subject: [EXT] Re: CWE Usability Work Hi Alec and all, I really like the images that are in each of the mock-ups. That really helps provide quick context into whether the CWE is relevant for the CWE user without reading a lot of detail. It also looks like the proposed changes also Hi Alec and all, I really like the images that are in each of the mock-ups. That really helps provide quick context into whether the CWE is relevant for the CWE user without reading a lot of detail. It also looks like the proposed changes also move up the Common Consequences and Potential Mitigations up to the top, just after the description? I do like that reorganization as well. In terms of the next meeting, I am traveling 6/19 so unfortunately unavailable. In general, I am fine with a monthly 1 hour meeting. Thanks, Jason On Wed, Jun 12, 2024 at 8:19 AM Alec J Summers <asumm...@mitre.org<mailto:asumm...@mitre.org>> wrote: CWE Board Members, Good morning! I hope you are all well. As discussed in our last meeting, the team has been engaging with the CWE stakeholder community on addressing CWE usability challenges. We are currently in the process of making changes to the presentation of some CWE entries and have prepared a set of usability mockups for your review. The UEWG and the RCM WGs are the public forums for a lot of the discussions around this work. The input we have received in these forums has been invaluable and we are eager to continue this collaborative approach as we refine the presentation of CWE entries. We are sharing some mockups so you may see what changes we a proposing in response to community feedback. Please note that the content within these mockups is still actively being worked on and should be considered as drafts. Here is a quick summary of what the proposed changes entail: * Concise summary of the weakness with a visual aid. * A slight reordering of elements to be 'Alternate Terms', 'Consequences', then 'Mitigations'. * Remaining elements to follow. You can view some current examples at this URL: https://drive.google.com/drive/folders/1NqYbkZcyXE7xzIhyADFFRjHXpuKvV01Q?usp=drive_link We would also like to discuss these mockups during our next CWE Board meeting. Also, as previously discussed, many members believe that the CWE Board should meet more regularly given the needs for the CWE Program’s continued modernization and advancement. I am proposing a shift to a monthly 1hr meeting for this purpose. Here is a doodle poll to kick things off: https://doodle.com/meeting/participate/id/bqMqLG2b Cheers, Alec -- Alec J. Summers Cyber Security Engineer, Principal Group Lead, Cybersecurity Operations and Integration Center for Securing the Homeland (CSH) –––––––––––––––––––––––––––––––––––– MITRE - Solving Problems for a Safer World™
