Skip to content

Latest commit

 

History

History
56 lines (46 loc) · 4.66 KB

2024-11-05.md

File metadata and controls

56 lines (46 loc) · 4.66 KB

November 05, 2024

Agenda

User Story Prioritization

  • 2nd Tier (10 Points)
    • Issue #1238 Discuss adding a user deletion endpoint.
      • Although a high priority, this User Story still needs discussion to clarify the requirements.
    • Issue #1236 Update Swagger doc examples to include CVSS 4.0
    • Issue #1096 Create endpoint to return CVE-IDs for CVE Records calling or has added ADP containers to
  • Third Tier (5 Points)
    • Issue #1279 reserve IDs for year 2025?
    • Issue #1282 (NEEDS DISCUSSION) Change API (and web site) behavior for RESERVED CVE ID
    • Issue #1258 Update PUT /org endpoint to set when an Org was last active
    • Issue #1209 CVSS score mismatch erros shown later than other
    • Issue #1121 CVSS 3 score mismatch errors shown later than other errors
    • Issue #1187 Migrate the 5.1.1 schemas
    • Issue #577 avoid January 1 failures of CVE ID reservations.

Notes

  • Testing of CVE Services that supports CVE schema 5.1.1 runs until the 15th; deploy to prod no later than Dec 11 (but not during thanksgiving week); ideally the week before thanksgiving

  • Triaged and prioritazed the following issues during the meeting:

    • Issue #1238 Discuss adding a user deletion endpoint.
      • discussed and closed
      • Additional note on expectations around user metadata for CNAs at https://www.cve.org/AllResources/CveServices: "User ID: Often this is the person’s email address", "it is the responsibility of that CNA’s OA to maintain individual accountability of who has performed CVE Services transactions on behalf of that CNA"
    • Issue #1236 Update Swagger doc examples to include CVSS 4.0
      • agreed to keep as high prio since it's an easy fix
    • Issue #1096 Create endpoint to return CVE-IDs for CVE Records calling or has added ADP containers to
      • an alternative solution was proposed as a cost-saving measure, see latest comment in issue
    • Issue #1282 (NEEDS DISCUSSION) Change API (and web site) behavior for RESERVED CVE ID
      • discussion about use cases; AWG members were asked to add their comments to issue to discuss in a future meeting and vote on a decision between not showing any reserved CVE IDs or adding them to the bulk cvelist repo
    • Issue #1187 Migrate the 5.1.1 schemas
      • done
    • Issue #577 avoid January 1 failures of CVE ID reservations.
      • decision made, high prio
    • Issue #1279 reserve IDs for year 2025?
      • done
    • Remaining issues that weren't discussed since we ran out of time:
      • Bottom N issues that were identified to be potentially closed
      • Issue #1258 Update PUT /org endpoint to set when an Org was last active
      • Issue #1209 CVSS score mismatch erros shown later than other
      • Issue #1121 CVSS 3 score mismatch errors shown later than other errors

Decisions

  • See notes above for each issue.

Action Items

  • AWG members to add use cases to Issue #1282 for having an accessible list of all reserved CVE IDs.

Recording

Meeting recordings are available on the AWG Groups.io platform. To become a member of the AWG (and gain access to this platform), see Joining the AWG.