CVE Board Meeting Notes
September 18, 2024 (9:00 am - 11:00 am EDT)
Agenda
* Introduction
* Topics
* CPE: How CPEs can be better supported within the CVE Record
* 25th Anniversary Report: Media Engagement
* CVE Program CNA Workshop (October 29-30): Proposed Agenda
* Review of Action Items
* Closing Remarks
New Action Items from Today's Meeting
New Action Item
Responsible Party
CNA Workshop: Send draft agenda to Board for review, confirm speakers, and
collect abstracts.
Secretariat/VCEWG
CPE Support: Schedule meeting with NVD and CVE leaders.
Secretariat/SPWG Chair
Topics
CPE: How CPEs can be better supported within the CVE Record
* Currently in the middle of a vote around an implementation for CPE in the
CVE Record. Would be good to level set across what the exactly the technical
implications of this are and how it fits into a broader solution toward
software identity. We want to make sure everybody is on the same page to
understand what we are voting on.
* QWG arrived at solution of applying the NIST NVD schema. An example
fork has been implemented to show how this change to CPE could be implemented.
It is not a breaking change, but an optional change that helps address some of
the key concerns right now in the CNA community. It does not prevent any
expected future changes to CPE as discussed with NVD.
* Proposal for Snap Vote: It was proposed that the current vote regarding
CPE via the email list be canceled in order to nullify the results, provide
time for additional discussion, and allow for a potential future re-vote.
* Quorum of 11 members present voted unanimously to cancel the current
vote.
* Comments:
* Moving forward in the future, we should have conversations before we
start votes so everyone is on the same page.
* ACTION: Schedule meeting with NVD and CVE leaders.
25th Anniversary Report: Media Engagement
* Continue providing media contacts to the Secretariat.
* Plan to have a draft ready for review by end of the month.
* Adding a temporary design of CVE logo which includes 25th anniversary.
CVE Program CNA Workshop (October 29-30): Proposed Agenda
* The VCEWG developed the draft agenda for the Workshop.
* Ready to push out notifications to CNAs pending Board review.
* Current agenda includes proposed speakers. Final will include
abstracts for each session as provided by the speakers.
* ACTION: Send draft agenda to Board for review, confirm speakers, collect
abstracts.
Review of Action Items
None.
Next CVE Board Meetings
* Wednesday, October 2, 2024, 2:00pm - 4:00pm (EDT) - Working Group Updates
* Wednesday, October 16, 2024, 9:00am - 11:00am (EDT)
* Wednesday, October 30, 2024, 2:00pm - 4:00pm (EDT) - Working Group Updates
* Wednesday, November 13, 2024, 9:00am - 11:00am (EDT)
Discussion Topics for Future Meetings
*Bold items are those flagged for discussion need.
* End user working group write-up discussion
* Board discussions and voting process
* ADP discussion
* Sneak peek/review of annual report template SPWG is working on
* Bulk download response from community about Reserved IDs
* CVE Services updates and website transition progress (as needed)
* Working Group updates (every other meeting)
* Council of Roots update (every other meeting)
* Researcher Working Group proposal for Board review
* Vision Paper and Annual Report
* Should be an action item not future discussion topic.
* Secretariat review of all CNA scope statements
* Proposed vote to allow CNAs to assign for insecure default configurations
* CVE Communications Strategy
