CVE Board Members, I hope you are all well!
Earlier today, the TWG discussed having the CVE Program publish metrics and recognition for CNA data enrichment adoption. For the last month or so, the Secretariat has been pulling data on a bi-weekly basis to track which CNAs are providing CVSS, CWE, and CPE information in their CVE Records. These data pulls track how often CNAs are providing this information across the previous 365-days, 4-week, and 2-week time periods. Spreadsheets have been shared with the Board via email, and the next one will be coming Monday. We’d like to establish a working session to plan: 1. What to include on such a metrics/recognition webpage 2. The requirements for, and how to how to label/name the recognition for CNAs that are doing CVE Record enrichment as part of their disclosure process. I have tentatively scheduled a working session for 12pm ET on Thursday, June 20. We can reschedule, if necessary. Please let me know if you would like to participate. Cheers, Alec -- Alec J. Summers Cyber Security Engineer, Principal Group Lead, Cybersecurity Operations and Integration Center for Securing the Homeland (CSH) –––––––––––––––––––––––––––––––––––– MITRE - Solving Problems for a Safer World™
