Date Sent: 11/13/2013 Date Completed: 11/20/2013 Ballot: * Item 1: Add David Solin to the OVAL Board * Item 2: Add Jack Vander Pol to the OVAL Board * Item 3: Add Jamie Cromer to the OVAL Board Overall Results: Item 1 (David Solin): Yes: 14 No: 0 Abstain: 0 Item 2 (Jack Vander Pol): Yes: 14 No: 0 Abstain: 0 Item 3 (Jamie Cromer): Yes: 13 No: 0 Abstain: 1 Total Organizations: 26 Quorum Required: 14 Total Vote: 14 Individual Results: Organization Vote (Item 1) Vote (Item 2) Vote (Item 3) ------------------------------------------------------------------------------------------------------ Assuria Limited BeyondTrust, Inc. Y Y Y IBM Corporation INADEV Corporation Y Y Y Lancope, Inc. ------------------------------------------------------------------------------------------------------ McAfee, Inc. Y Y Y Modulo Y Y Y Qualysys, Inc. RSA Security Y Y Y Harris Corporation ------------------------------------------------------------------------------------------------------ SecPod Technologies Symantec Corporation Y Y Y ThreatGuard, Inc. Y Y Y Cisco Systems, Inc. Microsoft Corporation ------------------------------------------------------------------------------------------------------ Red Hat, Inc. Y Y Y Center for Internet Security Y Y A Depository Trust & Clearing Corporation (DTCC) Y Y Y Rockport Systems Y Y Y Unified Compliance Y Y Y ------------------------------------------------------------------------------------------------------ Nils Puhlmann (individual) National Institute of Standards and Technology Y Y Y NetClarity Lumension Security, Inc. Episteme ------------------------------------------------------------------------------------------------------ MITRE Corporation Y Y Y ------------------------------------------------------------------------------------------------------ Background: David Solin and Jack Vander Pol were nominated by MITRE as potential OVAL Board prospects because of their active involvement in the community. Jamie Cromer was nominated by Scott Armstrong as a potential OVAL Board member for Symantec when he transitioned from Symantec to INADEV. Based on the Evaluation Phase of the Adding New OVAL Board Members process, here is a quick summary for each prospect. -- David Solin (jOVAL): David is the project lead for jOVAL. Since David joined the OVAL community, he has been very active on the oval-developer-list asking detailed questions about ambiguities in the language, helping others with their questions, reviewing changes to the language, and proposing new features. Furthermore, he has led multiple Developer Days sessions introducing new experimental features to the language including adding support for Juniper JunOS, NETCONF, and tests for checking Windows license information and system metrics. In addition to the primary responsibilities for every OVAL Board member, David expressed that he would be interested in participating in the Technical Tasks. He also expressed that his primary objective on the OVAL Board would be to help grow OVAL’s capabilities and expand its usefulness across its use cases. David is also active in the broader SCAP community. -- Jack Vander Pol (SPAWAR): Jack is the project manager for the SPAWAR SCAP Compliance Checker and other teams that provide policy, SCAP content development, and compliance software support to various government agencies. Jack is also leading an effort to improve the MITRE OVAL Test Content. With this, Jack brings a lot of experience in working with government requirements and developing a product that is focused on satisfying their specific needs. Jack and his teams are also active in the SCAP and OVAL communities and have led Developer Days sessions and made contributions to the OVAL Language Sandbox to address the issues with evaluating HKCU registry keys. During the call, Jack expressed that he would like to serve on the OVAL Board to help advance the effort and gain insight into what was coming down the road. Lastly, Jack mentioned that he would be interested in focusing on the Technical Tasks in addition to the primary responsibilities of OVAL Board members. -- Jamie Cromer (Symantec): Jamie is a Senior Experience and Regional Product Manager at Symantec who is responsible for the success of products including Symantec’s Control Compliance Suite and Critical System Protection among others in the East Coast of the United States, Canada, and the public sector. In this role, Jamie is focused on the end-to-end product experience of users. Jamie also has quite a bit of experience as a sales engineer and is familiar with a variety of security technologies. During the call, Jamie expressed that he would be most interested in the strategic side of things and would like to focus on the Liaison Tasks given that in his role he works very closely with customers and can reach back to his development teams. --