Update 2024-10-29.md

CVEProject · Oct 30, 2024 · dc7662a · dc7662a
1 parent e756989
commit dc7662a
Showing 1 changed file with 39 additions and 16 deletions.
diff --git a/meeting-notes/2024-10-29.md b/meeting-notes/2024-10-29.md
@@ -2,36 +2,59 @@
 
 ## Agenda
 
-* Update on CVE Services Schema update (CVE Record format 5.1.1) 
+* Update on CVE Services Schema 5.1.1 Implementation   
 * Top 5 Priorities for CVE Services development (from the CVE Services Triage Board)
 
 ## Notes
+### CVE Services Schema 5.1.1 Implementation
+The development team noted that they are on schedule for release of the new schema (i.e, CVE Record Format 5.1.1)  into the CVE Services Testing environment the week of November 4 for AWG/Community review/testing.  
 
+It was noted that there was general support in the TWG for extending testing the testing period to include testing with PRODUCTION data before the new schema is deployed into PRODUCTION execution environment.    This could be accomplished by releasing into the ADP environment for further testing.   There was some question on what the objective of this additional testing would accomplish.   It was decided that  this isue would be further addressed at the next TWG meeting to establish motive, objectives and framework for an additional testing period. (See Actions below)
+
+### User Story Prioritization
 * Top Issue (15 points)
-  * [Issue #274](https://github.com/orgs/CVEProject/projects/27/views/1?pane=issue&itemId=80138825&issue=CVEProject%7Ccve-services%7C1274)
+  * [Issue #1274](https://github.com/orgs/CVEProject/projects/27/views/1?pane=issue&itemId=80138825&issue=CVEProject%7Ccve-services%7C1274) Standard all timestaf values to UTC
+
+    Discussion on this User Story concluded that it should be divided into two Users Stories with the one being focused on the implementation a consistent date for CVE Records published in the future and the other focused on correcting historical data across the entire repository.    The former will continue to be the priority for implementation.   The latter will need some discussion on how and when to do this without significant impact to the downstream community.
+
 * 2nd Tier (10 Points)
-    * [Issue #1238](https://github.com/orgs/CVEProject/projects/27/views/1?pane=issue&itemId=69536176&issue=CVEProject%7Ccve-services%7C1238) NEEDS DISCUSSION.
-    * [Issue #1236](https://github.com/orgs/CVEProject/projects/27/views/1?pane=issue&itemId=69536177&issue=CVEProject%7Ccve-services%7C1236)
-    * [Issue #1096](https://github.com/orgs/CVEProject/projects/27/views/1?pane=issue&itemId=69536179&issue=CVEProject%7Ccve-services%7C1096)
+    * [Issue #1238](https://github.com/orgs/CVEProject/projects/27/views/1?pane=issue&itemId=69536176&issue=CVEProject%7Ccve-services%7C1238) Discuss adding a user deletion endpoint.
+
+      Although a high priority, this User Story still NEEDS DISCUSSION to clarify the requirements.
+    * [Issue #1236](https://github.com/orgs/CVEProject/projects/27/views/1?pane=issue&itemId=69536177&issue=CVEProject%7Ccve-services%7C1236) Update Swagger doc examples to include CVSS 4.0
+    * [Issue #1096](https://github.com/orgs/CVEProject/projects/27/views/1?pane=issue&itemId=69536179&issue=CVEProject%7Ccve-services%7C1096) Create endpoint to return CVE-IDs for CVE Records calling or has added ADP containers to
 * Third Tier (5 Points)
-    * [Issue #1279](https://github.com/CVEProject/cve-services/issues/1279)
-    * [Issue #1282](https://github.com/CVEProject/cve-services/issues/1282)  NEEDS DISCUSSION.
-    * [Issue #1258](https://github.com/CVEProject/cve-services/issues/1258)
-    * [Issue #1209](https://github.com/CVEProject/cve-services/issues/1209)
-    * [Issue #1121](https://github.com/CVEProject/cve-services/issues/1121)
-    * [Issue #1187](https://github.com/CVEProject/cve-services/issues/1287)
-    * [Issue #577](https://github.com/CVEProject/cve-services/issues/577)
+    * [Issue #1279](https://github.com/CVEProject/cve-services/issues/1279) reserve IDs for year 2025?
+    * [Issue #1282](https://github.com/CVEProject/cve-services/issues/1282)  Change API (and web site) behavior for RESERVED CVE ID
+
+      NEEDS DISCUSSION.
+    * [Issue #1258](https://github.com/CVEProject/cve-services/issues/1258) Update PUT /org endpoint to set when an Org was last active 
+    * [Issue #1209](https://github.com/CVEProject/cve-services/issues/1209) CVSS score mismatch erros shown later than other 
+    * [Issue #1121](https://github.com/CVEProject/cve-services/issues/1121) CVSS 3 score mismatch errors shown later than other errors
+    * [Issue #1187](https://github.com/CVEProject/cve-services/issues/1287) Migrate the 5.1.1 schemas
+    * [Issue #577](https://github.com/CVEProject/cve-services/issues/577) avoid January 1 failures of CVE ID reservations.
+
+* Additional Issue for Consideration:  [Issue #835](https://github.com/orgs/CVEProject/projects/27?pane=issue&itemId=69536232&issue=CVEProject%7Ccve-services%7C835) Improve and centralize error handling
+
+    This issue was brought up as an additional consideration for top issues to address.   After some discussion, it was decided that further analysis needed to be done to identify specific error messages that needed to be updated to initially improve error messaging and ultimately centralize error handling.  
+
+  Jerry Gamblin (Cisco) took on the action to perform this analysis and provide initial feedback an place it in the user story comments
 
 
 ## Decisions
 
-*
+* For Issue #1274: Break this issue up into two issues that can be implemented and tracked separately.  Issue #1274 will continue to be a top priority and will reflect a CVE Services update to ensure that all futre date fields will be published in UTC format.   The "breakout" issue will reflect the correction of historical data. 
+
+* It was decided that the AWG would request clarification for the necessity of additional community testing of the new schema release (.e.g, CVE Record Format 5.1.1) from the TWG.
 
 ## Action Items
 
-*
+[] AWG Chair/CVE Services Development team: break Issue #1274 in two separate issues: one that covers the publication of future records consistently using UTC formatted dates and one for correcting historical records
+
+[] Jerry Gamblin (Cisco): Perform an analysis of CVE User Stories and the CVE Services.
+
+[] AWG Chair: Address the TWG and request clarification on the TWG discussion about an extended testing period for Schema 5.1.1 deployment. 
 
 ## Recording
 
-Meeting recordings are available on the [AWG Groups.io platform](https://cve-cwe-programs.groups.io/g/AWG/files/MeetingRecordings).
-To become a member of the AWG (and gain access to this platform), see [Joining the AWG](https://github.com/CVEProject/automation-working-group?tab=readme-ov-file#joining-the-awg).
+This meeting was inadvertently not recorded.