
Re: Question: old organization nominating a new person



> Wait...
>
> Since when is there a precedent that an existing organization gets to
> replace a person like this? Haven't board elections been based on
> individual merit all these years?
>
> Just because a person/organization has been on the board for sixteen
> years doesn't mean they provide any value. To wit, I deeply respect
> Casper Dik, I always have. I corresponded with him frequently ten years
> ago about Sun vulnerabilities, am a fan of his work, and know he
> understands our industry very well.
>
> That said, in sixteen years, he has posted to the board list *twice*
> (compared to Landfield 68 times, Seifried 47 times, Scott 14 times ...
> and two of them have been on the board under two years). For whatever
> reason, Casper has not committed to the board and chosen to offer his
> remarkable experience and insight to the effort over those years, and
> as an industry, we are worse for it.

The reason I wanted to resign is that I did not contribute; I think I asked for this several years ago, IIRC, also because my role at Oracle was not and hasn't been for quite some time the proper role for a CVE board member.

> Oracle, as a company, does not embody the goals and mindset of a CNA at
> all. They have explicitly *countered* many of the things we strive for,
> primarily around vulnerability clarity in tracking and abstraction, and
> continue to fight that to this day. As an organization, Oracle is not fit
> to be a CNA, despite it being terribly convenient for MITRE.
>
> Remove Casper from the picture, which you just did, and Oracle is no
> different than any other random company that wishes to have a presence on
> this board. In fact, they are actually LESS suited to than a newcomer that
> may be more open to the industry goals CVE is designed for.
>
> If there is some policy about existing CNAs automagically getting a spot
> on the board, please cite that public reference so I can kick myself for
> not noticing and arguing it sooner.

Joe told me that the CVE board would like to keep a company as large as Oracle on board; so I looked around and found some people who work better as CVE members, but I only did that because I was asked to do so.

It is also clear that Sun Microsystems had quite a different policy for communicating about security problems; Oracle does not allow any such discussions or communication such as "this problem does not affect Solaris". However, this is only a small part of my job and the takeover was by and large a positive effect for our organization, so I did not feel I should leave Oracle.

We can hope that the people in charge at Oracle see the light. There are a lot of smart people at Oracle; politics, however, can't be changed by being smart.

Casper

Page last updated or reviewed: May 2, 2016