2024-06-04.md

June 04, 2024

Agenda

• CISA ADP deployment update
• Vendor usage of CVE Program Automation Tools Discussion/Presentation: Shelby Cunningham (GitHub)
  • Sign-up to present here: #127
• AWG Charter review status
  • Review of open issues: #129, #130
  • Review of open PRs: #128

Notes

• CISA-enriched ADP containers are now present for ~7k CVE records
  • Example: https://cveawg.mitre.org/api/cve/CVE-2024-36400
  • vulnrichment repo will continue to house the CISA-specific data
    • A question was raised of whether it makes sense to duplicate full CVE records in this repo, potentially introducing competing data sets with the official cvelist_v5 repo
  • An announcement will be sent out later to inform the CVE community of these enriched ADP containers
• AWG Charter changes submitted by @jgamblin approved and merged
  • Discussion of #129: it was decided no changes were required here and the issue was closed (see comment in the issue)
  • Discussion of #130: @jgamblin will submit the proposed rule of 25% total votes by a single organization in a separate PR

Decisions

• None

Action Items

[] Jerry Gamblin: Provide an AWG Charter update to reflect an organizational voting representation constraint of 25% of total votes by a single organization.

Recording

Meeting Recordings are available at on the AWG Groups.io platform. To become a member of the AWG (and gain access to this platform), see Joining the AWG.