Re: [EXTERNAL] Re: CVE Board Meeting Summary: January 18, 2023

2023-01-25 Thread Art Manion


While it wasn't directly part of the discussion, this may be related:

   https://github.com/CVEProject/automation-working-group/issues/116

   https://github.com/CVEProject/cve-website/issues/1224

So keeping track of/logging all changes, but also adding owning_cna to the 
JSON, which requires some work on the services/backend.

  - Art


On 2023-01-25 10:14, Lisa Olson wrote:

> Someone can correct me if I’m wrong but the conversation, as I recall, was 
> around storing change history with regards to GDPR considerations.  MITRE 
> lawyers are digging into the implications and Madison Oliver is also doing 
> some research on behalf of GitHub and GDPR.
>
> Lisa
>
> *From:* Tod Beardsley
> *Sent:* Tuesday, January 24, 2023 5:39 PM
> *To:* Art Manion
> *Cc:* Landfield, Kent; CVE Program Secretariat; CVE Editorial Board Discussion
> *Subject:* [EXTERNAL] Re: CVE Board Meeting Summary: January 18, 2023
>
> I would expect so, Art. Is this a controversial issue? I assume there's some 
> context and nuance here.
>
> And yes, I'm fully prepared to take my absentee lumps, Kent. 8am Wednesdays 
> are no longer really great for me for calls (though it looks like I can join 
> on the bottom half pretty often).
>
> On Tue, Jan 24, 2023 at 3:58 PM Art Manion wrote:
>
> On 2023-01-24 16:48, Kent Landfield wrote:
>
>  > Reach out to the CNA community to gauge how important CVE Record
>  > Change History is to them.
>
> Opinion:  CVE Record change history should be fully public and 
> transparent.
>
> While partially a separate question, this could be provided through a git 
> repo of JSON files.
>
>    - Art
>
>
> NOTICE OF CONFIDENTIALITY: At Rapid7, the privacy of our customers, partners, 
> and employees is paramount. If you received this email in error, please 
> notify the sender and delete it from your inbox right away. Learn how Rapid7 
> handles privacy at rapid7.com/privacy-policy.
> To opt-out of Rapid7 marketing emails, please click here
> or email priv...@rapid7.com.
>



Re: [EXTERNAL] Re: CVE Board Meeting Summary: January 18, 2023

2023-01-25 Thread Chris Levendis
I’ll have an update at the TWG tomorrow morning regarding GDPR.

C

Chris Levendis
The MITRE Corporation
cleven...@mitre.org
(703) 298-8593


From: Lisa Olson
Sent: Wednesday, January 25, 2023 10:14:43 AM
To: Beardsley, Tod; Manion, Art
Cc: Landfield, Kent; CVE Program Secretariat; CVE Editorial Board Discussion
Subject: RE: [EXTERNAL] Re: CVE Board Meeting Summary: January 18, 2023


Hi Tod,

Someone can correct me if I’m wrong but the conversation, as I recall, was 
around storing change history with regards to GDPR considerations.  MITRE 
lawyers are digging into the implications and Madison Oliver is also doing some 
research on behalf of GitHub and GDPR.

Lisa



From: Tod Beardsley
Sent: Tuesday, January 24, 2023 5:39 PM
To: Art Manion
Cc: Landfield, Kent; CVE Program Secretariat; CVE Editorial Board Discussion
Subject: [EXTERNAL] Re: CVE Board Meeting Summary: January 18, 2023



I would expect so, Art. Is this a controversial issue? I assume there's some 
context and nuance here.



And yes, I'm fully prepared to take my absentee lumps, Kent. 8am Wednesdays are 
no longer really great for me for calls (though it looks like I can join on the 
bottom half pretty often).



On Tue, Jan 24, 2023 at 3:58 PM Art Manion <zman...@protonmail.com> wrote:

On 2023-01-24 16:48, Kent Landfield wrote:

> Reach out to the CNA community to gauge how important CVE Record Change 
> History is to them.

Opinion:  CVE Record change history should be fully public and transparent.

While partially a separate question, this could be provided through a git repo 
of JSON files.

  - Art




RE: [EXTERNAL] Re: CVE Board Meeting Summary: January 18, 2023

2023-01-25 Thread Lisa Olson
Hi Tod,
Someone can correct me if I'm wrong but the conversation, as I recall, was 
around storing change history with regards to GDPR considerations.  MITRE 
lawyers are digging into the implications and Madison Oliver is also doing some 
research on behalf of GitHub and GDPR.
Lisa

From: Tod Beardsley
Sent: Tuesday, January 24, 2023 5:39 PM
To: Art Manion
Cc: Landfield, Kent; CVE Program Secretariat; CVE Editorial Board Discussion
Subject: [EXTERNAL] Re: CVE Board Meeting Summary: January 18, 2023

I would expect so, Art. Is this a controversial issue? I assume there's some 
context and nuance here.

And yes, I'm fully prepared to take my absentee lumps, Kent. 8am Wednesdays are 
no longer really great for me for calls (though it looks like I can join on the 
bottom half pretty often).

On Tue, Jan 24, 2023 at 3:58 PM Art Manion <zman...@protonmail.com> wrote:
On 2023-01-24 16:48, Kent Landfield wrote:

> Reach out to the CNA community to gauge how important CVE Record Change 
> History is to them.

Opinion:  CVE Record change history should be fully public and transparent.

While partially a separate question, this could be provided through a git repo 
of JSON files.

  - Art

