Date Sent: 07/17/2014 Date Completed: 07/24/2014 BALLOT: * Item 1: Add Evani Prasad to the OVAL Board * Item 2: Add Chandan M C to the OVAL Board * Item 3: Add Adam Montville to the OVAL Board OVERALL RESULTS: Item 1 (Evani Prasad): Yes: 15 No: 0 Item 2 (Chandan M C): Yes: 15 No: 0 Item 3 (Adam Montville): Yes: 15 No: 0 Total Organizations: 24 Quorum Required: 13 Total Vote: 15 INDIVIDUAL RESULTS: Organization Vote #1 #2 #3 ----------------------------------------------------------------------------------------------------------------- Assuria Limited BeyondTrust Inc. Y Y Y IBM Corporation Y Y Y INADEV Corporation Y Y Y Lancope Inc. Y Y Y jOVAL.org Y Y Y McAfee Inc. Y Y Y Modulo Y Y Y Qualys Inc. RSA Security SecPod Technologies Symantec Corporation Y Y Y ThreatGuard Inc. Y Y Y Cisco Systems Inc. Y Y Y Microsoft Corporation Red Hat Inc. Y Y Y Center for Internet Security Y Y Y DTCC Y Y Y Rockport Systems Unified Compliance Individual NIST SPAWAR Y Y Y MITRE Y Y Y ----------------------------------------------------------------------------------------------------------------- Note: A blank space in a table row above indicates the organization did not vote. BACKGROUND: Evani Prasad, Chandan M C, and Adam Montville were all nominated to the OVAL Board by MITRE. Evani and Chandan went through the normal "interview" process explaining their responsibilities to the Board. Adam, having previously been on the OVAL Board, was only asked to provide a summary of his background and interests in OVAL. All three new members intend to focus on the technical tasks within the OVAL Board. Based on the Evaluation Phase of the Adding New OVAL Board Members process, here is a quick summary for each prospect. --- Evani Prasad (HP): Evani Prasad is a Senior Engineering Manager on the Security and Compliance Service team at Hewlett Packard which provides vulnerability alerts and compliance policy updates for their Server Automation, Client Automation, and Network Automation products. Evani brings more than twenty-eight years of experience serving in various engineering and engineering management positions at Hewlett Packard, PARSoft Systems, Tata Elxsi, OMC Computers, D.S.N. Murthy & Co., and Softline Computer Services. During the call, Evani expressed interest in the technical tasks on the OVAL Board. --- Chandan M C (HP): Chandan is a software engineer and the technical lead of the Security and Compliance Service team at Hewlett Packard which provides vulnerability alerts and compliance policy updates for their Server Automation, Client Automation, and Network Automation products. Chandan is responsible for ensuring the successful implementation of requirements into these products as well as the creation of content for these products including vulnerability and compliance content, supplemental content for Microsoft patches, and vulnerability reporting content. Chandan brings more than nine years of experience in the IT industry and has held a variety of software engineering positions at Hewlett Packard and the Centre for Development of Advanced Computing. Lastly, Chandan is an active contributor to the OVAL Repository. During the call, Chandan expressed interest in the technical tasks on the OVAL Board. --- Adam Montville (Tripwire): Adam Montville is a Product Manager at Tripwire, where he has purview over Security Configuration Management products and content. Adam brings more than fifteen years of information security experience to Tripwire, where he is an integral part of the effort to deliver automation content and supporting products to Tripwire customers. Adam has become a recognized voice in the security automation community and is expanding his influence in this realm through his role as co-chair of the Internet Engineering Task Force's Security Automation and Continuous Monitoring Working Group (SACM). At SACM, Adam is collaborating with the global security community to develop a roadmap for establishing and extending existing security automation specifications as international standards. Adam began his career in the Information Security Laboratory of Oregon State University, his alma mater. He has held a variety of technical and executive-level IT and security positions in both the public and private sectors, including the Department of Defense. He presents to organizations around the world, and has received various honors and recognitions for his work, including a U.S. Patent in 2002. Adam has authored numerous technical publications and is an avid blogger on information security topics, with particular interest in control effectiveness. He is currently working on a book examining automation and paradigm change in the domain of operational risk management. Adam is primarily interested in the technical tasks on the OVAL Board, but, is also interested in advocacy and liaison tasks as it pertains to furthering the capabilities OVAL provides and how we get the capabilities satisfactorily represented in the SACM working group. ---