Minutes for the CVSS SIG meeting ­ 03/20/2007 Meeting: This meeting…

Minutes for the CVSS SIG meeting ­ 03/20/2007 Meeting:
This meeting was held on Tuesday, March 20, 2007
Conference Call

Attending: Sasha Romanosky, Peter Mell, Tim Keanini, George Theall, Karen Scarfone, Barrie
Brook, Gavin Reid, Mike Scheck, Bill Evans, Robin Sterzer

Agenda/Discussion:

    1) Report status on action items from previous meeting on, 02/20/07:
       a. Peter will look into having the document indicating the changes posted to the web.
       b. Sasha will send Gavin the IEEE article ­ Done
       c. Gavin will post the IEEE article to FIRST ­ Done
       d. Gavin and Peter will work on the document ­ In Progress
       e. Gavin ­ Press release for version 2 ­ Not Done
    2) CVSS Structure, Strategy and Process:
       a. Verification that the base score is fixed
       b. Proposed environment score change
    3) Administrative:
       a. CVSS v1.x documentation status update and proposed changes ­ N/A
       b. Finalize date for releasing Version 2
    4) Roundtable: Updates/Needs/Questions

        Peter ­ Refine the Environmental difficulty and object table. Place in the guide how we
        came up with the new version. Gavin and Peter will write it up. Include how we got to
        this version and testing results.
             a) Everyone is fine with the formula
             b) Peter would like to move the left shift logic to impact. He will do this as long as it
                 does not change the overall and base score. He will have it done in two weeks
             c) NIST implementation of Environment score CIA bias. Continue development of
                 this would end up being the final stage of this version
        Sasha to have the CVSS guide out
                                      -
Action Items:

    1) Gavin and Peter will work on the document (include how we got to this version and test
       results)
    2) Gavin ­ Press release for version 2
    3) Sasha ­ CVSS guide