|
2 | 2 |
|
3 | 3 | ## Agenda |
4 | 4 |
|
5 | | -* Reference Archiver Update |
6 | | -* Enhanced User Story Template |
| 5 | +* ~Reference Archiver Update~ |
| 6 | +* ~Enhanced User Story Template~ |
7 | 7 | - Adopt "Story Template" for all new proposals and initiatives. |
8 | | -* Observed Technical Issue in accessing CVE Services using Vulnogram from Chrome browser |
| 8 | +* ~Observed Technical Issue in accessing CVE Services using Vulnogram from Chrome browser~ |
9 | 9 | * impact of recent Chrome updates |
| 10 | + |
| 11 | +Topics we ran out of time for: |
10 | 12 | * Ideas/Discussion of AWG proposed topics for April 2026 Vulcon Topics |
11 | 13 | * Upcoming Meeting: Preparing for 2026 |
12 | 14 |
|
13 | 15 |
|
14 | 16 | ## Notes |
15 | 17 |
|
16 | | -* |
| 18 | +* Reference Archiver |
| 19 | + * Update was given. Minimal feedback and progress since POC launch. |
| 20 | + * Goal is to start 2026 with a solution that: |
| 21 | + * kicks off archival for all new CVEs |
| 22 | + * restarts the pending archivals for an updated CVE* |
| 23 | + * Main project repository is in need of updates, both in documentation and status. |
| 24 | + |
| 25 | +* User Stories Template |
| 26 | + * It was proposed the QWG adopt a User Story template as part of our SOP. The CWG provided a [template](https://docs.google.com/document/d/1AIZHKECEs3m5TyXjCNUYhVwd-NipAJB_beBqHx2uXnU/edit?tab=t.0) for inspiration. |
| 27 | + * Discussion around how this (and other templates) could be adopted as an entrypoint for discussions and/or work to be done by the AWG. |
| 28 | + * The goal is to start driving behavior based on User Stories and impact. |
17 | 29 |
|
| 30 | + |
| 31 | +* Vulnogram and Chrome 142: |
| 32 | + * A recent update to Chrome changed behavior with service workers that can prevent users in hardened / complicated networking stacks from accessing the CVE Services APIs. |
| 33 | + * Held high level technical discussions around the issue. |
| 34 | + * Consensus was largely that it's not CVE Services related. |
| 35 | + * Known workarounds exist (easiest of which: don't use Chrome!) |
| 36 | + * Questions arose around whether notification should be sent out to the CVE community. |
| 37 | + * Impact analysis hasn't been performed, but reason to believe many may not be affected. |
| 38 | + |
18 | 39 | ## Decisions |
19 | 40 |
|
20 | | -* |
| 41 | +Reference Archiver: |
| 42 | + * Post-meeting note: Updates to CVE will restart the archive schedule regardless of reference-data changes, as it's not uncommon for more details to be published on existing links and then updated on the CVE. |
| 43 | + |
| 44 | +User Stories: |
| 45 | +* Small group will work with CWG to identify a ideal quality-related User Story that we can use to pilot formalizing processes. |
| 46 | +* We could have our own User Story template and definition, or request others provide one base on our format as part of the "handoff to engineering" process. |
| 47 | +* We may (in conjunction or separately with previous item) define an `Architecture Design Document (ADD)` to `Architecture Design Record (ADR)` process. |
| 48 | + |
| 49 | +Vulnogram + Chrome: |
| 50 | +* Scope is outside CVE Services, so no technical action required. |
| 51 | +* Impact and scale is unknown, so seeking feedback from community via Slack. |
| 52 | + |
| 53 | + |
21 | 54 |
|
22 | 55 | ## Action Items |
23 | 56 |
|
24 | | -* |
| 57 | +* Reference Archiver |
| 58 | + * [ ] Sync code bases from pilot repository |
| 59 | + * [ ] Update issues and project board to reflect status |
| 60 | + * [ ] Clean up code + documentation |
| 61 | + |
| 62 | +* User Stories |
| 63 | + * [ ] Work with CWG to identify a well defined User Story and consume, so that we develop natural and well defined processes for decisioning action. |
| 64 | + |
| 65 | +* Vulnogram + Chrome issue |
| 66 | + * [ ] Details are going to be gathered and a question/poll will be posed on Slack to gauge impact. |
25 | 67 |
|
26 | 68 | ## Recording |
27 | 69 |
|
|
0 commit comments