(日期:][下一个日期][线程:][线程下][日期索引][线程索引]
CVE自动化工作组章程
- 来:“cve-editorial-board-list@mitre.org" <cve-editorial-board-list@mitre.org>
- 主题:CVE自动化工作组章程
- 从:“约翰逊,Christopher s(美联储)”<christopher.johnson@nist.gov>
- 日期:2018年5月17日星期四15:40:20 + 0000
- 接收语言:en - us
- Authentication-results:防晒系数=失败(发送者的IP 192.52.194.235) smtp.mailfrom = nist.gov;imc.mitre.org;dkim =通过(签名验证)header.d = nistgov.onmicrosoft.com, imc.mitre.org;dmarc =失败行动=没有header.from = nist.gov;
- Authentication-results-original:防晒系数=(发送者的IP) smtp.mailfrom =christopher.johnson@nist.gov;
- 交货日期:5月17日星期四12:00:25 2018
- Dkim-signature:v = 1;一个= rsa-sha256;c = /放松放松;d = nistgov.onmicrosoft.com;s = selector1-nist-gov;h =:日期:主题:问题:内容类型:MIME-Version: X-MS-Exchange-SenderADCheck;bh = wJMMpn / 7 h3kg8qcyg72bknwd4smtfjx76rupvgutrgm =;b = UcGG9paBZtTVLA81BJp2Jkf0J9kYSxz72c1nGTmmpJXM / 7 am9ugolz8hil8us + 5 qecj6giev5mkxulq + pif6oKfR6f7h7 / lsTQFwesF7XLD9 + bv / q9DASfo1DReAuuGRHxTByClfv9SdYoRUTEv00QxDkYevDliYu9GBrwAhyU4 =
- Spamdiagnosticmetadata:NSPM
- Spamdiagnosticoutput:1:9 9
- Thread-index:AQHT7fVcP4r + K5w14kS1KR6iaziAsg = =
- Thread-topic:CVE自动化工作组章程
- 用户代理:Microsoft-MacOutlook / 10. d.0.180513
|
CVE董事会成员,
我建议附加CVE自动化工作组章程由董事会批准。请检查这个邮件列表的宪章,并提交你的投票到美国东部时间周四中午,5月31日。投票结果将在6月13日公布th董事会会议。
合同也可以从GitHub库: https://github.com/CVEProject/automation-working-group/blob/master/CAWG_Charter_DRAFT.md
谢谢你! 克里斯·约翰逊 CVE自动化工作小组 |
# CVE自动化工作小组(CAWG)宪章# #范围:CVE自动化工作小组关注识别和推进协同设计方案,开发和部署的自动化功能,支持CVE项目的有效管理。以下目标部分包括当前高层CAWG的目标。工作原理部分捕获SAWG使用原则作为任何努力的一部分。最后,目标部分提供了一些可测量的行为,CAWG目前针对任务。所有的列表如有更改,恕CAWG发展和新项目被确定。当一个提议被接受,将建立一个CAWG项目。项目由一个或多个参与者,将专注于一个提议。每个CAWG项目将包括一个单独的宪章,在需要的地方,提供工作的概述,明确目标,并描述了活动的范围由项目执行的。一般来说,CAWG项目是通过需求项目启动。建议,项目(s)是基于他们发起的,应该结合目标,本宪章中描述操作原则和目标。 ## Goals: - Realize greater efficiency in the creation, ingest, and publication of CVEs - Implement CVE processing and publishing in near-real time - Enable more effective management of CVEs, CNAs, and associated metadata - Develop capabilities that help improve CVE coverage - Make it easier to assign CVE IDs to any and all public vulnerabilities that conform to CNA rules. - Improve the quality of CVE data and metadata - Reduce the amount of human intervention needed to publish, consume, and use CVE data. - Provide improved transparency throughout the CVE management process - Achieve greater interoperability of CVE tools, repositories, and technologies - Promote seamless integration with other enumerations (e.g. CWE, CAPEC) and internal processes - Reduce the barriers for participation in the CVE Program. (e.g., costs, fees, time, effort, and technical expertise) ## Operating Principles: - Employ a decentralized approach to CVE management - Use free and open source solutions where possible. Avoid solutions that require propriety, closed systems, or are not compatible with CVE terms of use. - Promote free and open standards and best practices for automated information exchange. Avoid standards that are not free and not open. - Develop modular code and pluggable capabilities that can be readily reused or extended - Use consistent terminology and naming conventions ## Objectives: - Document current roles, responsibilities, workflows, data formats, and protocols - Define CVE user stories/use cases - Design, develop, and deploy automated and enhanced CVE services (ingest, publication, processing) - Design, develop, and deploy software tools for the development and management of CVE content/information - Streamline existing processes and lay a foundation for future processes
- 跟进:
- 再保险:CVE自动化工作组章程
- 来自:“Levendis,克里斯”< clevendis@mitre.org >
- 再保险:CVE自动化工作组章程
- 上一页的日期:CVE Re: CVSS信息描述
- 下一个按日期:再保险:CVE自动化工作组章程
- 前线程:CVE Re: CVSS信息描述
- 下一个线程:再保险:CVE自动化工作组章程
- 指数(es):
