CVE Board Meeting Notes
September 13, 2023 (2:00 pm - 4:00 pm EDT)
Agenda
* 2:00-2:05 Introduction
* 2:05-3:25 Topics
* Board Meeting Times
* TWG Proposal for Dates for November Virtual Workshop and
Proposed Topics: 1) CVE Services/JSON 5 Guidance, 2) Program Rules
* 3:25-3:35 Open Discussion
* 3:35-3:55 Review of Action Items
* 3:55-4:00 Closing Remarks
New Action Items from Today's Meeting
New Action Item
Responsible Party
Send an email to the list for further discussion about changing the Board
meeting time to a fixed time.
Secretariat
Update Vulnerability Events Working Group Charter with the new name and
distribute to the Board on the private list for approval.
Secretariat
Board Meeting Times
* A suggestion was made to establish a set time for Board meetings, instead
of the current alternating times. Preference indicated was for 2-4pm ET.
* The Secretariat will send out an email and survey to the list explaining
the problem and offering some options, e.g., new set time, hold two meetings,
keep current state (action item). Further discussion will take place on the
list and the results will be presented back to the Board.
TWG Proposal for Dates for November Virtual Workshop and Proposed Topics: 1)
CVE Services/JSON 5 Guidance, 2) Program Rules
* This will be a virtual-only session with a technical focus. The two
topics will be updated CVE Services/JSON 5 guidance, incorporating lessons
learned since deployment last Fall, and a CNA rules update (e.g., status,
feedback from CNAs received so far, major changes).
* The proposed date of November 8 was changed to November 15 due to
multiple Board member conflicts. The Secretariat will send out a Doodle poll to
members to identify the best five hour window.
* An additional topic idea proposed was "corpus hygiene" (e.g., Rejecting
unused CVE IDs, RBP cleanup, etc.). Will be covered under CVE Services. If time
allows, may also include discussion about link rot/archiving links.
* May have time for some general Q&A at the end, and will solicit thoughts
about next steps and topics for the in-person summit next year.
Open Discussion
* Vulnerability Conference and Events Working Group
* Had a discussion with the FIRST.org Executive Director, who expressed
interest in being a co-sponsor for the Vulnerability Conference with the CVE
Program.
* Sharing a one pager regarding that joint sponsorship using our drafted
announcement of the conference at the next FIRST Board meeting.
* Comment/request to change the name of the working group to
Vulnerability Conference and Events Working Group. After discussion, it was
decided to make the name Vulnerability Events Working Group.
* The Charter will be updated with the new name and distributed to the
Board on the private list for approval (action item).
Review of Action Items
* None.
Next CVE Board Meetings
* Wednesday, September 27, 2023, 9:00am - 11:00am (EDT)
* Wednesday, October 11, 2023, 2:00pm - 4:00pm (EDT)
* Wednesday, October 25, 2023, 9:00am - 11:00am (EDT)
* Wednesday, November 8, 2023, 2:00pm - 4:00pm (EST)
* Wednesday, November 22, 2023, 9:00am - 11:00am (EST)
* Wednesday, December 6, 2:00pm - 4:00pm (EST)
Discussion Topics for Future Meetings
* Sneak peek/review of annual report template SPWG is working on
* Bulk download response from community about Reserved IDs
* Finalize 2023 CVE Program priorities
* CVE Services updates and website transition progress (as needed)
* Working Group updates (every other meeting)
* Council of Roots update (every other meeting)
* Researcher Working Group proposal for Board review
* Vision Paper and Annual Report
* Secretariat review of all CNA scope statements
* Proposed vote to allow CNAs to assign for insecure default
configurations
* CVE Communications Strategy
