[CVEPRI]计划今年夏天的CVE活动

今年夏天的CVE活动-----------------------------------------------------------------------------------如果一切顺利计划，今年夏天将是CVE计划的忙碌。我们将跟进上一次面对面董事会会议上讨论的许多主题。以下是即将举行的活动列表。1）将在接下来的几周内讨论和决定各种重要问题。我想安排6月18日至6月22日的一周的电话会议。请让我知道您有什么时间和时间。我们可能会在整个夏天还拥有其他电视会议，因为有很多事情要决定。2）添加了最终董事会成员后，会员资格将被冻结，直到我们完成了面对面会议上讨论的董​​事会更改。3）周四，我将在董事会任务，角色和期望上介绍一篇文章。董事会将在接下来的几周内审查并最终确定它们。 I will be sending individual emails to each Board member regarding the roles and tasks I've observed, then conducting followup discussions with those members whose level or type of participation is uncertain. (There are simply too many Board members to discuss membership with every person at this time, and many of you have steady participation and clear roles and tasks). 4) At the Black Hat conference on July 11, I will be giving a presentation on "CVE behind the scenes." Besides covering content decisions and various thorny issues we've wrestled with over the years, I will also publicly announce the candidate reservation capability which has technically been open to the public for a year now. We would also like to have several more non-MITRE CNA's (candidate numbering authorities) in place. There are various issues that need to be considered. Next week, we expect to present our initial approach to CNA's to the Board. We also plan to conduct outreach to software vendors this month with respect to including candidate numbers in their advisories. After the announcement at Black Hat, we will concentrate on recruiting established researchers. These activities will help address the needs of people who would like CVE candidates sooner rather than later. 5) Since many Board members will probably be at the Black Hat conference, we could have an informal get-together or dinner. I think the conference itself would be too "distracting" for a "real" meeting, so we could make it a casual affair. Let me know if you're interested. 6) Once the Board's tasks and roles are finalized, we will propose a method for adding new members. As discussed at the face-to-face meeting, many members wanted to play a more active role in evaluating and approving new members. We agree that this is a useful function for the Board and expect to make some modifications to the current process. 7) Note that we are delaying the recruitment of up to 12 new Board members until the tasks, roles, and recruitment process have been addressed. For those of you who are concerned about the increasing size of the Board, we should have a much better understanding of the "right" size and composition after all these discussions. In addition, I expect that some members will be leaving the Board. 8) When the method for adding new members has been finalized, we will form the CIEL working group. There are several potential members who might make significant contributions to CIEL. 9) After the major "Board business" is completed, we will concentrate on major content issues, including discussing voting requirements and confidence, adding legacy candidates, addressing limitations of the current naming scheme, etc. 10) In parallel, we will be restructuring CVE compatibility requirements and putting the evaluation and approval process in place. 11) The next face-to-face Board meeting could be held in September. Over the course of the next month, we will identify potential sites. While RAID might be an optimal location, unfortunately most of MITRE's CVE task leaders have scheduling conflicts. (However, some of us could attend a CIEL working group meeting before or after RAID.) The week of September 17th might be best. Please let me know your availability, or if you would be willing to host the next meeting. - Steve