再保险(CD): CD建议:投票(投票需求)

> 5)如果投票成员投审议表决,然后编辑可能>延迟一个临时或最终决定至少2周后>是投票。后2周时间,编辑可能会延长>延迟,或无视审查和移动候选人投票>临时决定。很好,只要有一个审核及时投票选项,显示每个人的问题是由投票成员,但不应该推迟approvai过程。> 7)如果选票上候选人投票成员中发现的安全问题>竞争组织旗下的一个产品,那么>成员的投票不能计入法定人数,除非>竞争组织已经公开承认这个问题。这包括推断投票时投竞争组织修改投票?此外,一个竞争对手组织是如何定义的?它区分供应商、学术和政府,或者id,弗吉尼亚州,和其他安全产品?(就此而言,投票成员在学术和政府社区视为竞争对手?:-))在类似的问题上,将修改后跟一个参考引用到投票成员的数据库构成公共问题的确认?我想我知道这个问题的答案,但我想看到它的备案。 > Guidance > -------- [...] > 3) A voting member should vote on candidates according to approved > content decisions, instead of their own personal preferences. > Informally, a voting member should not REJECT a candidate if all of > the following apply: > - the candidate is not a duplicate of other candidates/entries > - it satisfies all approved content decisions (CD's) > - it satisfies CVE's vulnerability/exposure definition Would it be appropriate to add a "no supporting documentation" clause to this list? Although recent entries do not (usually) have this problem, some older CANs have no references. It's not good form to prevent a voting member from casting a REJECT just because CVE claims that an issue exists without external support. > 4) A voting member should not vote for a candidate that is related to > a security problem in a competitor's product, unless the competitor > has acknowledged that the problem exists. Again, would a MODIFY followed by a reference citation suffice as acknowledgement? Personally, I'm in it for the security, and I'll leave the cutthroats in Marketing. :-> Thanks for getting these content decisions rolling. Andre Frech afrech@iss.net Internet Security Systems (678)443-6241http://www.iss.net