CVE Board Meeting Minutes
November 13, 2024 (9:00 a.m. - 11:00 a.m. EST)
Agenda
* Introduction
* Topics
* 25th Anniversary Media Coverage Recap
* Post Workshop Survey
* VulnCon2025: CVE Program Presentations Discussion
* Open Discussion
* Review of Action Items
* Closing Remarks
New Action Items from Today’s Meeting
New Action Item
Responsible Party
VulnCon 2025: Discuss and coordinate conference topics through the working
groups and the CVE Board email listserv.
CVE Board
VulnCon 2025: Come to December 11th CVE Board meeting with topic ideas for
VulnCon team.
CVE Board
VulnCon 2025: Use the existing Tuesday meeting slot (from 25th Anniversary
report) to coordinate CVE Program topics for VulnCon.
Secretariat
VulnCon 2025: Determine CVE Program track in December and finalize topics at
the January 8th board meeting, as call for papers closes on January 15.
CVE Board
Topics
25th Anniversary Media Coverage Recap
* The 25th Anniversary press release was sent to 115 media outlets,
resulting in around 23 articles. The CVE Program plans to continue engagement
on social media throughout the year.
* MITRE is creating a CVE Program focused video and is looking to involve
members of the community in the video to be released ahead of VulnCon.
* The Outreach and Community Working Group is identifying blog and podcast
topics from 25th Anniversary report.
Post Workshop Survey
* The Secretariat presented the results of the post-CVE Fall Workshop
Survey.
* Attendees provided positive workshop feedback on the delivery of topics
and the use of Zoom as a platform.
* There were suggestions for more advertising of the event beforehand and
better processing of requests to join working groups.
VulnCon 2025: CVE Program Presentations Discussion
* The Program needs to coordinate whether to submit proposals for a CVE/CNA
track and/or whether the CVE program submits a proposed talk on anything
specific separately.
* ACTION: Discuss and coordinate conference topics through the working
groups and CVE Board email listserv.
* ACTION: Come to December 11th board meeting with topic ideas for VulnCon
team.
* ACTION: Use the existing Tuesday meeting slot (from 25th Anniversary
report) to coordinate CVE Program topics for VulnCon.
* ACTION: Determine CVE Program track in December and finalize topics at
January 8th board meeting, as call for papers closes on January 15.
Open Discussion
* Criteria for the CNA Enrichment List is intended to evolve; if criteria
needs to be modified or reviewed, that should be flagged.
* There is a need to clarify the process for identifying criteria (and
messaging of the criteria) so CNAs understand the process.
Review of Action Items
None.
Next CVE Board Meetings
* Wednesday, December 11, 2024, 2:00pm – 4:00pm (EST) - Working Group
Updates
* Wednesday, January 8, 2025, 9:00am – 11:00am (EST)
* Wednesday, January 22, 2025, 2:00pm – 4:00pm (EST) - Working Group Updates
* Wednesday, February 5, 2025, 2:00pm – 9:00am – 11:00am (EST)
* Wednesday, February 19, 2025, 2:00pm – 4:00pm (EST) - Working Group
Updates
Discussion Topics for Future Meetings
* End user working group write-up discussion
* Board discussions and voting process
* ADP discussion
* Sneak peek/review of annual report template SPWG is working on
* Bulk download response from community about Reserved IDs
* CVE Services updates and website transition progress (as needed)
* Working Group updates (every other meeting)
* Council of Roots update (every other meeting)
* Researcher Working Group proposal for Board review
* Vision Paper and Annual Report
* Should be an action item not future discussion topic.
* Secretariat review of all CNA scope statements
* Proposed vote to allow CNAs to assign for insecure default configurations
* CVE Communications Strategy
This document includes content generated with the assistance of Microsoft Teams
Copilot, a generative AI tool. Microsoft Teams Copilot was used to generate the
initial draft of the meeting minutes and provide suggestions for summarizing
key discussion points. All AI-generated content has been reviewed and edited by
the CVE Program prior to publishing. Please report any inaccuracies or other
issues to the CVE Program.
