CPE Version 3.0 Meeting -- April 30

All,

I would like to start the discussion about CPE version 3.0 at a meeting
in Bedford, MA on Wednesday April 30th.  That Monday and Tuesday is
OVAL Developer Days and the thinking is that many of the CPE Community
will already be in town.

CPE 2.0 was released on Sep 14, 2007 and since then we have had a
number of people begin to use the standard.  This use has of course
identified areas that need to be improved within the specification.
Some of these area for improvements are:

- limited coverage (drivers, libraries, etc.)
- patches
- easier to create ids (numerical?)
- expandable metadata (tagged approach?)

I will work on a full agenda for the day in the coming weeks.  My
thought is to have the meeting start at 9AM and go until 5PM.

If you have any ideas for the meeting, or any other thoughts, please
don't hesitate to let me know.

Thanks
Drew

---------

Andrew Buttner
The MITRE Corporation
[hidden email]
781-271-3515

Drew/Group: does a group discussion at RSA make sense?  I would imagine
that a number of us will be in San Francisco at the beginning of April
for RSA.
 


Sheldon Malm
Director
Security Research & Development
nCircle Network Security

Check out the VERT daily post
http://blog.ncircle.com/vert



-----Original Message-----
From: Buttner, Drew [mailto:[hidden email]]
Sent: Tuesday, February 19, 2008 1:44 PM
To: [hidden email]
Subject: [CPE-DISCUSSION-LIST] CPE Version 3.0 Meeting -- April 30

All,

I would like to start the discussion about CPE version 3.0 at a meeting
in Bedford, MA on Wednesday April 30th.  That Monday and Tuesday is OVAL
Developer Days and the thinking is that many of the CPE Community will
already be in town.

CPE 2.0 was released on Sep 14, 2007 and since then we have had a number
of people begin to use the standard.  This use has of course identified
areas that need to be improved within the specification.
Some of these area for improvements are:

- limited coverage (drivers, libraries, etc.)
- patches
- easier to create ids (numerical?)
- expandable metadata (tagged approach?)

I will work on a full agenda for the day in the coming weeks.  My
thought is to have the meeting start at 9AM and go until 5PM.

If you have any ideas for the meeting, or any other thoughts, please
don't hesitate to let me know.

Thanks
Drew

---------

Andrew Buttner
The MITRE Corporation
[hidden email]
781-271-3515

>Drew/Group: does a group discussion at RSA make sense?  I would
imagine
>that a number of us will be in San Francisco at the beginning of April
>for RSA.

I think this could be a good idea for CPE.  MITRE (myself included)
will be at RSA and have a booth promoting CPE along with other
standards.

I would propose to meet in the lobby of the Marriott hotel (this worked
last time) at 8AM on Tuesday morning.  Go for an hour. (or two)  I
think this conflicts with some keynote speakers but not any tracks.
Expo opens at 11AM.  The only other option would be to meet Wed
morning.  Any thoughts on date/time?

As for an agenda ... I say we pick one topic and discuss it.  Maybe a
good candidate would be whether to switch to a numerical id (with no
meaning) or stay with a character based id (with meaning).  We could
take what we discuss as a jumping off point for the meeting on April
30th.  Thoughts on this?

I will send out a formal announcement for the gathering once discussion
about it is done.

Thanks
Drew

That works for me.


Sheldon Malm
Director
Security Research & Development
nCircle Network Security

Check out the VERT daily post
http://blog.ncircle.com/vert



-----Original Message-----
From: Buttner, Drew [mailto:[hidden email]]
Sent: Tuesday, February 19, 2008 3:33 PM
To: [hidden email]
Subject: Re: [CPE-DISCUSSION-LIST] CPE Version 3.0 Meeting -- April 30

>Drew/Group: does a group discussion at RSA make sense?  I would
imagine
>that a number of us will be in San Francisco at the beginning of April
>for RSA.

I think this could be a good idea for CPE.  MITRE (myself included) will
be at RSA and have a booth promoting CPE along with other standards.

I would propose to meet in the lobby of the Marriott hotel (this worked
last time) at 8AM on Tuesday morning.  Go for an hour. (or two)  I think
this conflicts with some keynote speakers but not any tracks.
Expo opens at 11AM.  The only other option would be to meet Wed morning.
Any thoughts on date/time?

As for an agenda ... I say we pick one topic and discuss it.  Maybe a
good candidate would be whether to switch to a numerical id (with no
meaning) or stay with a character based id (with meaning).  We could
take what we discuss as a jumping off point for the meeting on April
30th.  Thoughts on this?

I will send out a formal announcement for the gathering once discussion
about it is done.

Thanks
Drew

Please find the invitation and a draft agenda for the CPE Developer Day
on Wednesday April 30.  If there are additional topics you would like
to see discussed, or if you have any comments on the agenda, please
forward them along.

If you are planning on attending, please send and email to
[hidden email] as this will allow us to plan accordingly.

We will also be having an informal gathering in San Francisco during
the RSA Conference for those in attendance.  This will take place in
the lobby of the Marriott hotel at 8AM on Tuesday morning April 8th.
More details about this will be available soon, but the purpose will be
to prime the pump for the upcoming developer day.

I look forward to seeing everyone in two months!

Thanks
Drew

>-----Original Message-----
>From: Buttner, Drew [mailto:[hidden email]]
>Sent: Tuesday, February 19, 2008 1:44 PM
>To: cpe-discussion-list CPE Community Forum
>Subject: [CPE-DISCUSSION-LIST] CPE Version 3.0 Meeting -- April 30
>
>All,
>
>I would like to start the discussion about CPE version 3.0 at a
meeting

Based on the feedback last week, I have tried to touch up the agenda
for CPE Developer Day. (Wed, April 30)  In short, the change is to take
focus away from developing a new major version and more toward better
understanding the current version and discussing areas that could be
improved.

The basic agenda looks like:

- Welcome
- Overview
- Use Cases
- Official CPE Dictionary
- Areas to Improve

Note that the second half of the day is meant to discuss areas to
improve in a very general sense.  There are a lot of possible topics
and I don't expect to go too deep into any one of them.  Rather, I
think we should have a goal of better understanding the issues.  Maybe
we can determine if a minor change (version 2.x) can be made that will
help with the issue.

Please pass along any comments.

Thanks
Drew