CVE Board Meeting Notes
December 13, 2023 (2:00 pm – 4:00 pm EST)

Agenda

* Introduction
* Topics
  o Welcome to New Board Member
  o Glossary and CNA Rules
  o CVE-Like Programs (!CVE, Language Model Vulnerabilities and Exposures [LVEs])
  o Post Workshop Survey
* Open Discussion
* Review of Action Items
* Closing Remarks

New Action Items from Today’s Meeting

Action Item # | New Action Item | Responsible Party | Due
 | Reach out to LVE to learn more about what they do, and how to work with CVE. | Secretariat |

Welcome to New Board Member

* The Board welcomed its newest member, approved last week by majority vote. The two week voting period remains open until December 18.

Glossary and CNA Rules

* The current Rules update includes tweaks to existing terminology and the introduction of new terms.
* The SPWG will send to the Board the updated glossary with a strong recommendation to approve. This is the first step in approving the Rules update.
* The term “CVE Record Format” will be added to the glossary.
* The current glossary can be found here<https://docs.google.com/document/d/1PV7DdToG8dWAubCR5sI73Cfdzkv_gk79oEvu-HJRqRQ/edit#heading=h.n7t7mbjcutql>.
* The SPWG expects to release the Rules draft in early January for a first review by CNAs. The review period will last four weeks, followed by a two week update cycle. The revised update will then be distributed for review to a broader group.

CVE-Like Programs (!CVE, Language Model Vulnerabilities and Exposures [LVEs])

* The CVE Program will reach out to !CVE to better understand their concerns and see if there is a way to work together.
* Another organization, Language Vulnerabilities and Exposures (LVE<https://github.com/mbalunovic/lve/blob/main/README.md>), also appears to be working in an area where CVE may have interest. The program will reach out to them (action item) to start the conversation.
* It may be appropriate to invite them to a Board meeting, but reach out informally first.
* Do the Rules need changes or additions to be more inclusive?

Post Workshop Survey

* Only open ended questions were asked. There were three respondents.
* Results: The workshop was valuable with interesting sessions, and was clearly presented. The program needs to find new ways to get new CNAs engaged.
* The onboarding process encourages new CNAs to get involved. A new slide was recently added to the onboarding materials to highlight CNACWG benefits and the Mentoring Program.
* More participation in the survey would have provided more information for improvement ideas. A suggestion was made to send out the survey right after the workshop next time. Have it ready. Another idea for consideration is requiring registration, even if the event is free, for better tracking of who is coming.

Open Discussion

* Spring 2024 Conference
  * There was discussion about metrics and surveys for the upcoming conference in 2024 with FIRST.org. Registration metrics for the in-person and virtual options should be possible. Surveys should also be possible, but this has not been discussed. The cost for registration will be $250 to attend the three day event in-person. For virtual or to attend one day as a speaker, registration is $100.
  * There have been 13 submissions for the Call for Papers.
* Malformed CVE Records
  * The program has an ongoing problem with CVE Records that are malformed. The QWG has been talking about ways to deal with this problem. One idea is to have someone be an editor of record content before the record gets published. Need to define and implement editorial standards that all records would be expected to meet.
  * Two examples of malformed are not adhering to program rules, and not keeping up with record schema updates.
  * QWG will continue their discussions on this and come back to the Board with some ideas for moving forward. If interested, please attend the QWG meetings.

Review of Action Items

Out of time.

Next CVE Board Meetings

* Wednesday, January 10, 2024, 9:00am – 11:00am (EST)
* Wednesday, January 24, 2024, 2:00pm – 4:00pm (EST)
* Wednesday, February 7, 2024, 9:00am – 11:00am (EST)
* Wednesday, February 21, 2024, 2:00pm – 4:00pm (EST)
* Wednesday, March 6, 2024, 9:00am – 11:00am (EST)
* Wednesday, March 20, 2024, 2:00pm – 4:00pm (EDT)

Discussion Topics for Future Meetings

* Sneak peek/review of annual report template SPWG is working on
* Bulk download response from community about Reserved IDs
* CVE Services updates and website transition progress (as needed)
* Working Group updates (every other meeting)
* Council of Roots update (every other meeting)
* Researcher Working Group proposal for Board review
* Vision Paper and Annual Report
* Secretariat review of all CNA scope statements
* Proposed vote to allow CNAs to assign for insecure default configurations
* CVE Communications Strategy