CVE的进步

2016年快乐！对不起，我的答复缓慢。假期生病并不有趣。CVE问题最近讨论了。*当前的CVE操作背景和所需改进 * CVE CNA规则和准则 *现有的CNA问题和指南以解决这些问题 * CVE覆盖范围 -  CVE /相关资源和产品的覆盖范围优先范围 *更简单的计数方法 *董事会职责 *我们的重点CVE在一个全球开发软件 * CVE分配的未来管理体系结构的世界中 - 联合CVE * CVE使用 - 数据库 / NVD，其他 * CVE Backlog * CVE运营的资金 * CVE运营 *最终CVE条目的质量'会员资格和增加会员的过程，我相信还有其他我错过的……在去年我们在RSA举行的面对面上，我们讨论了多天CVE编辑董事会工程和组织研讨会。该计划是要向编辑委员会成员开放，其主要目的是解决当时的许多未偿还问题。一组问题尚未解决。我们都认识到，并且以我们现在的进步速度，我们可能在两年内谈论相同的问题，几乎没有做。 What we need to do is to get those interested in fixing the current issues, advancing CVE and putting it on a successful path, to get together in the same room for a few days to have high-bandwidth, open and honest discussions about the way forward. I don't see us being successful without an event such as this. I know RSA is once again coming up but any meeting we will have there will be limited to potentially a couple hours due to everyone�s schedules. What we need is to have this type of F2F in a place where we can be totally focused on CVE and it's improvements. Would MITRE or anyone here want to hold such an event? I suspect we would need three days to discuss the issues and come to some agreement. I suspect late March or early April could be a good time to to shoot for. We would need to set up an agenda to assure we were addressing a prioritized set of issues in order to get the most out of the workshop. If we are serious about correcting CVE related issues we need this time... Thoughts? --- Kent Landfield +1.817.637.8026