CVE Board Meeting Notes September 13, 2023 (2:00 pm - 4:00 pm EDT) Agenda
* 2:00-2:05 Introduction * 2:05-3:25 Topics * Board Meeting Times * TWG Proposal for Dates for November Virtual Workshop and Proposed Topics: 1) CVE Services/JSON 5 Guidance, 2) Program Rules * 3:25-3:35 Open Discussion * 3:35-3:55 Review of Action Items * 3:55-4:00 Closing Remarks New Action Items from Today's Meeting New Action Item Responsible Party Send an email to the list for further discussion about changing the Board meeting time to a fixed time. Secretariat Update Vulnerability Events Working Group Charter with the new name and distribute to the Board on the private list for approval. Secretariat Board Meeting Times * A suggestion was made to establish a set time for Board meetings, instead of the current alternating times. Preference indicated was for 2-4pm ET. * The Secretariat will send out an email and survey to the list explaining the problem and offering some options, e.g., new set time, hold two meetings, keep current state (action item). Further discussion will take place on the list and the results will be presented back to the Board. TWG Proposal for Dates for November Virtual Workshop and Proposed Topics: 1) CVE Services/JSON 5 Guidance, 2) Program Rules * This will be a virtual-only session with a technical focus. The two topics will be updated CVE Services/JSON 5 guidance, incorporating lessons learned since deployment last Fall, and a CNA rules update (e.g., status, feedback from CNAs received so far, major changes). * The proposed date of November 8 was changed to November 15 due to multiple Board member conflicts. The Secretariat will send out a Doodle poll to members to identify the best five hour window. * An additional topic idea proposed was "corpus hygiene" (e.g., Rejecting unused CVE IDs, RBP cleanup, etc.). Will be covered under CVE Services. If time allows, may also include discussion about link rot/archiving links. * May have time for some general Q&A at the end, and will solicit thoughts about next steps and topics for the in-person summit next year. Open Discussion * Vulnerability Conference and Events Working Group * Had a discussion with the FIRST.org Executive Director, who expressed interest in being a co-sponsor for the Vulnerability Conference with the CVE Program. * Sharing a one pager regarding that joint sponsorship using our drafted announcement of the conference at the next FIRST Board meeting. * Comment/request to change the name of the working group to Vulnerability Conference and Events Working Group. After discussion, it was decided to make the name Vulnerability Events Working Group. * The Charter will be updated with the new name and distributed to the Board on the private list for approval (action item). Review of Action Items * None. Next CVE Board Meetings * Wednesday, September 27, 2023, 9:00am - 11:00am (EDT) * Wednesday, October 11, 2023, 2:00pm - 4:00pm (EDT) * Wednesday, October 25, 2023, 9:00am - 11:00am (EDT) * Wednesday, November 8, 2023, 2:00pm - 4:00pm (EST) * Wednesday, November 22, 2023, 9:00am - 11:00am (EST) * Wednesday, December 6, 2:00pm - 4:00pm (EST) Discussion Topics for Future Meetings * Sneak peek/review of annual report template SPWG is working on * Bulk download response from community about Reserved IDs * Finalize 2023 CVE Program priorities * CVE Services updates and website transition progress (as needed) * Working Group updates (every other meeting) * Council of Roots update (every other meeting) * Researcher Working Group proposal for Board review * Vision Paper and Annual Report * Secretariat review of all CNA scope statements * Proposed vote to allow CNAs to assign for insecure default configurations * CVE Communications Strategy