The QWG should consider periodic quality audits of recent CVE records #445
alilleybrinker
started this conversation in
Ideas
Replies: 1 comment
-
|
I think this could also be a great way to introduce new people to the schema and to the cve project more generally as well. We could make an (async) event of this, coordinate reviewing sections, and explicitly ask more junior people in all the orgs we're in to participate. Maybe we dedicate a QWG meeting to a wrap up event too. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
This would probably need to be settled in an RFD.
The goal of these audits would be to identify quality issues in recent CVE Records, with the goal of either working with CNAs to address those issues and/or to identify improvements to the Record Format and its validation to reduce issues in the future.
The audits should be on a regular schedule, and would include a sampling of CVE Records taken from a fixed window (probably those published since the last audit).
Per the flowchart here, one action out of these audits could be to mark fields for deprecation or as unused.
Beta Was this translation helpful? Give feedback.
All reactions