再保险:杜松添加到官方列表区域

布莱恩-谢谢你的周到的回复。CVE团队将继续发布CVE名义团队。在特定点的接触是必要的,董事会成员将提供这些。我是横切CVE项目领导,认为这个角色在今年年初。如果责任是担忧,我的联系方式如下。我很高兴回答任何问题,关注和评论任何人可能代表CVE团队。你的意见关于什么应该发布到公共和私人列表是有效的,但是有一部分人可能有不同的看法,具有同等法律效力。因为所有董事会成员都是平等的,享有自己的意见,所有的意见都必须考虑。例如,注意私人董事会名单昨天关于Juniper旨在提供所有董事会成员与坦诚的方式私下发表意见的机会,他们可能是不舒服的在公共场合表达。在这种背景下,文章的观点的人是最能决定是否他们想要他们的意见公示,并不是任何人但是他们做出这个决定如果私人列表的初衷是荣幸。 Using the private list does not preclude in any way public discussions, and in many ways can accelerate the tempo and quality of such discussions. As we collectively rework the roles and interactions of CNAs and the broader issue set around the CVE capability, there will likely be occasions where private discussions are required to better serve what is discussed publicly. We understand and appreciate your objections to Juniper. Juniper is not being rewarded for anything. Rather, they are being brought online as a new CNA so that we can expand the CVE capability consistent with the stated objective of our Board colleagues to scale the capability under a federated approach to increase coverage. We were delighted to hear Juniper's enthusiasm to be active, flexible participants in charting the way forward. They are best positioned to do this as a CNA, as is Intel. It gives them a real stake in the outcomes we collectively wish to achieve. This is the CVE Team's opinion that we look forward to discussing with our Board colleagues. More broadly, the CVE Team understands the issues with CNAs; such issues have not been ignored and our goal is to actively address them with the Board. In the past, the CVE Team has not effectively communicated with the Board in terms of frequency, content and follow-through. We acknowledge this, apologize for it, and intend to make this right going forward. We voiced this at the 30 March discussion and look forward to the Board call tomorrow to continue the positive trajectory in dealing with the dozens of issues that will arise as we collectively work to scale the capability. We have adopted the "fail fast" mentality. That mentality applies to more than just the DWF pilot. I am unsure what "fruity integration" means in the context of GitHub. We committed to the Board to get our documents up on GitHub at the 30 March discussion. That is done. We use the site for other non-CVE projects and have had good experience with it. We use github.io as a simple way to present the mark down expressed documentation. Is there a specific issue that underpins "fruity integration" that you are able to make us aware of? If you prefer not to work within the github.io presentation layer, you may access the documents in the "cna" and "content" directories at:https://github.com/CVEProject/docs。CVE团队接受任何方式董事会决定适合有效的协作。在3月30日会议上,GitHub是建议,我们同意了。我们完全开放给其他建议和有一些我们自己的。例如,Google Docs可能是一个好地方开发第一个版本文件发布之前在GitHub公共审查和评论这允许一个更小的组非常博学的专家建立有意义的基于我们共同的经验,从而降低了交易成本,当我们接触公众。在某些情况下,这可能是一个适当的方法在其他它可能不是。董事会是最适合在个案基础上决定这些问题。CVE团队有以下目的:1)与CVE利益相关者有效沟通;2)提高运营效率;和3)规模CVE功能。 All of our team members believe in and are accountable for achieving these objectives, which were established in February 2016. We fully understand that the answers to many of the issues that must be addressed are not resident within our knowledge base. We reached out to the Board to schedule the 30 March meeting and greatly appreciate their willingness to meet every two weeks on an ongoing basis to better identify issues, structure the decisions required to resolve the issues, and make concrete decisions to move the capability forward. Regards The CVE Team ___________________ Chris Levendis MITRE Homeland Security Systems Engineering and Development Institute (HS SEDI) (MITRE) 703-983-2801 (Cell) 703-298-8593 clevendis@mitre.org -----Original Message----- From: jericho [mailto: jericho@attrition.org发送:周三,2016年4月20日16点到:常见的漏洞和风险敞口< cve@mitre.org > Cc: cve-editorial-board-list < cve-editorial-board-list@lists.mitre.org >主题:RE:杜松被添加到官方列表区域重要性:高这最初发布“私人”编委会名单。我移动这个线程到公共列表,因为它涉及到整个行业。私人列表只能用于向董事会有关事项,如对新成员投票,而不是讨论全行业的问题。另外,请注意,转移到私人列表发生了比它在过去60天在过去6 - 18个月。这是不能接受的。