RE:横切的主题/董事会透明度

在星期四,2017年5月11日,棺材,克里斯写道::国会派出一个调查关于CVE斜方和国土安全部。:请求的公共记录。我们假设的反应你知道他们说什么“假设”,是吗?主教法冠没带原始列表中“公共记录”。CNA发现,问我问题,我没有回答。这就是2017年工作。:斜方和国土安全部也将公共记录的问题。斜方尚未:传播其对国会的反应。一旦传输响应,:国会应该公开,公众的所有成员将:能够审查,包括任何董事会的成员。是的,那对我不起作用。 See below. : More importantly, MITRE looks forward to working with our colleagues to : sustain the tremendous progress the program has made over the past 15 You look forward to working with us... when you didn't bring the letter to the board? Even though Congress' letter is public, you still hide behind this notion that your response, whenever you get around to it, may or may not be public? Please, re-read my subject line. In the interest of transparency, you post your response to the list shortly after you send it to congress. No "if", no "but", no equivocation. : months: implementing a federated program structure including a new Oh stop. "Federated program" only brings up a single thing in my mind; when MITRE tried to circumvent the board and create some new standard that made all of us collectively question you. We saw it via news articles, and almost 24 hours later, the 'update' articles said it was shuttered after industry questioning. This is so disrespctful to the board. : governance and operational model; building upon and improving the CNA : rules and implementation of them; recruitment of new CNAs; improving The same rules I have called out repeatedly, on and off list. The current CNA rules that MITRE continually violates. This isn't about you keeping CNAs in line... for a month now, it has been about keeping MITRE in line with following the CNA rules, specifically around abstraction. This mail makes it clear I should stop mailing MITRE off-list. Every single mail I send that points out MITRE breaking their own rules, questioning assignments, questioning your policies... every single one MUST be on list, for the public record. It's pretty clear to me that MITRE is keen on ignoring all of that and putting on a pretty public face. : CVE-in-a-Box artifacts; improving data exchange; expanding It's curious you say "CVE-in-a-Box"! I sent FOIA requests to DHS on that specific term in 2015. They replied a few months ago saying "no records" available. So... you brought it up on list. What does that term even mean? Why didn't you share that with the board? Why didn't you share it with DHS, which I was under the impression you did? If you DID bring it up with DHS in some capacity, why is DHS uh.. "withholding" that on a FOIA request? That is illegal of course... so your answer is of particular interest to me. Since we're on board list, which is public, I expect full disclosure here. Transparency and all, which is the entire nature of this thread. : internationally; and continuing bimonthly collaborative sessions and : working groups with our Board colleagues, the CNAs, and the greater CVE : community. All the while, getting dissenting opinions from the board in varying degrees, and completely ignoring some of those concerns. : Thank you for your ongoing feedback and please keep providing it. Oh, your pretty government-funded words are so expected. And I will. Just not in the channels you expect me to. CVE, as run by MITRE, has become such a complete disgrace to the industry. The lack of respect you show to "stakeholders" is incredible. .b