Common Vulnerabilities and Exposures (CVE)

Automation Working Group Charter

Version 2.1

This version of the CVE AWG Charter was adopted at the June 25, 2024 AWG meeting.

CVE Automation Working Group Overview

The CVE Automation Working Group (AWG) was established to provide a forum for developing the infrastructure, services and automation needed to support the CVE Program requirements. The AWG activities and discussions are focused on improving the tools and services being made available to the program and the community in order to better support the efficient management and operation of the CVE Program.

Working Group Membership

The AWG membership is open to the public at large; this includes any Board members, CVE Numbering Authority (CNA) representatives, Authorized Data Publishers (ADP), participants from the Secretariat's organization and interested members of the wider community. While there is no limit to the number of representatives an organization can have in the working group, any organization can only make up 25% of any recorded vote.

AWG members may have access to live and recorded meetings and other material generated by the AWG. Any materials supplied to or generated by the AWG are to be treated as TLP: Clear materials (unless otherwise explicitly noted in those materials).

Size of the AWG

There is no cap on the number of members an organization may have on the AWG, though this practice may be revisited if the size or membership mix increases to the point that it negatively impacts the ability of the AWG to make decisions or take action. With a recommendation from the AWG Chair(s), it is up to the Board and the Secretariat to determine when actions need to be taken to resize or restructure the AWG.

Professional Code of Conduct Guidance

Members of the AWG must agree to abide by the professional conduct guidance as required by the CVE Board in the CVE Program Professional Code of Conduct.

As described in the code, any program participant may report a concern or complaint. Such complaints should be reported to the CVE Program Secretariat via the Secretariat email, [email protected].

Removing AWG Members

AWG members will be considered for removal if:

  1. The AWG member asks to be removed.
  2. A current AWG member nominates the person or organization for forced removal. Forced removal may be based on lack of collegiality or professional conduct or failure to follow conventions as established in this Charter.

Once the removal process is triggered, the Secretariat will remove the identified member from the AWG mailing list and the departing member's access to other CVE AWG resources (e.g., SharePoint).

Consensus Determination

It should be understood that the development of consensus is extremely important in a forum centered on the collaborative design, development and deployment of automated capabilities. It is the responsibility of the AWG Chair(s) to facilitate the consensus process. Consensus in this case is defined by "the lack of sustained disagreement" on the issue being discussed.

Once consensus has been called by the Chair(s), the recommendations of the AWG will be submitted to the CVE Board in written form, indicating the result of the consensus and describing any difficult issues where consensus was difficult to achieve.

While most times consensus can be accurately determined on a working group call, there may be cases where consensus is not achieved. In such cases, different points of view will be documented as described above and the CVE Board will make the final determination, by vote if necessary.

Consensus and the Tacit Acceptance Procedure

In the context of pursuing consensus, from time to time, the AWG will be required to review information and provide comment. This may happen during the course of a meeting, or it may happen between meetings as decisions are pursued in the absence of a “face to face”, real time discourse.

When such reviews are required, the AWG may use a Tacit Acceptance (or silence) procedure. A member of the community (to include the AWG Chair) will provide information (or a position) to be reviewed along with a “review period”. As part of the review request, the requestor will explicitly note that the Silence Procedure is being used.

When this procedure is invoked, if by the end of the review period there are no comments received from the community, consensus on the proposal is reached and the position is adopted by the AWG. Should comments be received, they will be discussed (either in person or via email) and be resolved according to “Consensus Determination” described above.

Working Group Meetings

AWG meetings are held routinely as required. The Secretariat, in conjunction with the AWG Chair(s), will establish the agenda for each meeting. AWG members are free to raise subjects during meetings that are not on the agenda for that particular meeting. The agenda, and any appropriate supporting documents, will be provided to the members prior to each meeting, and should be reviewed in advance. Action items carried over or identified during the previous meeting should be included in the agenda sent to AWG members.

Working Group Progress

AWG progress must be reported back to the Strategic Planning WG (SPWG) and the Board on an ad hoc, Board requested, or routine basis, either through the SPWG or Board meetings, or through the email lists, as appropriate. Activities coming out of the AWG are an extension of the Board activities. The AWG needs Board approval before making changes or decisions that can either adversely or favorably affect CVE. The AWG should notify the appropriate SPWG or Board email list (public or private) whenever the WG requires this kind of change or decision.

The AWG will keep the Board apprised of what is occurring and decisions being made. The AWG will provide a periodic report-out to the Board list, ensuring any AWG decisions made are clearly identified as "recommendations" to the Board. All recommendations made need to include a consensus statement indicating the level of agreement of the AWG members, such as unanimous, majority or voted on with results included. The Board will then have an opportunity, for a timeframe specified in the report-out, to review the recommendations. If Board members have issues or questions, they are expected to ask for clarification and have the discussions needed to come to a consensus. In many cases, there may be no need for clarification or discussions. If no Board members respond within the specified timeframe, acceptance of the change, decision, or the recommendation(s) is considered approved. Silence begets acceptance.

AWG Charter Review

The AWG will review the Charter when a significant change or issue is identified. If it is determined a revision is necessary, the updated language will be incorporated into a draft for review by the AWG membership. Any change to the Charter requires a voice vote on a regularly scheduled AWG call. Notice of the vote must be given two weeks in advance of the call to ensure that interested AWG members know to attend the vote.

Steps for Charter Review and Update

If a revision to the charter is called for, the following steps should be taken:

  1. The AWG Charter document goes through a set of revisions. The number of revision cycles varies, based on the complexity of modifications needed.
  2. When the edits received have been incorporated, and the proposed Charter appears near-final, the Chair will issue a final call for edits via email. The email will include a date by which the final edits need to be received by the Chair.
  3. Once the final edits received are incorporated, a message is sent to the AWG mailing list detailing the specifics as to when the AWG will meet, and the voice vote will occur.
  4. When the voice vote is held, the Chair will inform the AWG list and the Board of the results of the vote.
  5. If the new Charter updates are voted down, then it will be sent back to the AWG for discussions and further revisions.
  6. If the vote indicates acceptance, the new Charter will immediately take effect and the Chair will work with the Secretariat, if needed, to update the CVE Program related resources to reflect the new AWG Charter.