Suggestion/idea for community-submitted content

> -----Original Message-----
> From: Baker, Jon [mailto:[hidden email]]
> Sent: Wednesday, August 30, 2006 8:07 AM
> To: [hidden email]
> Subject: Re: [OVAL-DISCUSSION-LIST] Suggestion/idea for community-
> submitted content
>
> Rob,
>
> We are working to improve our internal processes for handling submissions
> to
> the OVAL Repository. When processing a submission we have two conflicting
> goals: speed, and correctness. We recognize the need to get the
> definitions
> out to the community as quickly as possible to both increase the value of
> a
> new submission and facilitate community review, but we also don't want to
> compromise the quality/integrity of the OVAL Repository as a result.
>
>
> We realize that there is limit to the value we can add to a submission
> depending on the area the submission covers. For example, we can fairly
> thoroughly review most Windows content, but we can not add much value to
> HP-UX content. Recently community review of the OVAL Repository has
> greatly
> increased and there is a real need to get submissions into the OVAL
> Repository quickly so that it can be reviewed by the community. With the
> above in mind, we would like to propose the following process for the
> handling of new submissions to the OVAL Repository:
>
> 1- Initial Review of new submission
> 2- Publication of new submission
> 3- Secondary Review
> 4- Discussion of edits on oval-discussion-list
> 5- Publication of edits to OVAL Repository
>
> I have detailed these steps below:
>
> 1- Initial review:
> The initial review of a submission will ensure that it does not "break"
> any
> existing content in the OVAL Repository. Since a new submission might
> include changes to existing content we must review all the items that have
> been reused to ensure that any changes are both reasonable and properly
> reflected in the other existing OVAL Repository content. New submissions
> will be validated against the xml schema and schematron.
>
> 2- Publication of new submission:
> All new submissions to the OVAL Repository will be imported into the OVAL
> Repository and made publicly available as soon as possible after initial
> review. We will attempt to have new submission posted within 2 days. So a
> Wednesday submission could appear in the OVAL Repository by late Friday.
> All
> new submission will appear in DRAFT status.
>
> 3- Secondary review:
> This will be an ongoing process that will include checking for proper use
> of
> existing OVAL Repository content, definition metadata, and comments. All
> new
> submissions will be reviewed by MITRE for correctness.
>
> 4- Discussion of edits on oval-discussion-list:
> Any changes/issues/comments that MITRE has about a new submission will be
> publicized via the oval-discussion-list to include the community in the
> process.
>
> 5- Publication of edits to OVAL Repository:
> Once the community has agreed on a change the OVAL Repository will be
> updated as soon as possible. Note that our priority will be to get new
> submissions into the OVAL Repository as soon as possible so that new
> submissions are available to the Community. This means that at times
> publishing an agreed upon change to the OVAL Repository might be delayed
> by
> the Initial review process.
>
>
> I think that the above changes to our internal processing of submissions
> to
> the OVAL Repository would alleviate the need for a "Content Under Review"
> page. What do you think?
>
> When will we start this??? Our plan is to start working towards this
> revised
> process after we complete the review of the August patch Tuesday content
> submitted by ThreatGuard. We need to do some internal tool development to
> support this process so initially we will be a bit slower than "posted
> within 2 days". I would expect our turn around time to be around 5 working
> days. Internal tool development should be completed by the release of the
> October patch Tuesday content.
>
> Regards,
>
> Jon
>
> ============================================
> Jon Baker
> INFOSEC Eng/Scientist, Sr.
> The MITRE Corporation
> Office: 781-271-8357
> [hidden email]
>
>
> >-----Original Message-----
> >From: Robert Hollis [mailto:[hidden email]]
> >Sent: Monday, August 14, 2006 5:29 PM
> >To: oval-discussion-list OVAL Moderated Public Discussion List
> >Subject: [OVAL-DISCUSSION-LIST] Suggestion/idea for community-submitted
> >content
> >
> >What would you think of adding a "Content Under Review" section of the
> >MITRE website.  XML documents submitted by the community could be placed
> >here until they are rolled into the repository. or rejected.  The only
> >prerequisite would be for the document to validate (just a quick sanity
> >check to avoiding impeding the existing process too much).
> >
> >
> >
> >Of course, the page would be riddled with 'use at your own risk'
> warnings.
> >Comments about a document can still be submitted to the forums.
> Thoughts?
> >
> >
> >
> > -rob
> >
> > Robert L. Hollis
> > ThreatGuard, Inc.
> > Continuous Compliance Management
> > Bolt-on OVAL-5 Integration Modules
> ><http://www.threatguard.com/resources/ThreatGuardNewsRelease060701.html>
> > www.ThreatGuard.com <http://www.threatguard.com>
> >
> >
> >
> >To unsubscribe, send an email message to [hidden email] with
> >SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message. If you have
> >difficulties, write to [hidden email].
>
> To unsubscribe, send an email message to [hidden email] with
> SIGNOFF OVAL-DISCUSSION-LIST
> in the BODY of the message.  If you have difficulties, write to OVAL-
> [hidden email].