In this episode — recorded live at “CVE/FIRST VulnCon 2024” — CVE Board member and CVE podcast host Shannon Sabens of CrowdStrike chats with the three newest CVE Board members: Madison Oliver of GitHub Security Lab, Tod Beardsley of Austin Hack

CVE Records States and Tags

25 days ago 33m 31s

Host Shannon Sabens speaks with Art Manion and Kent Landfield, all three of whom are CVE Board members and CVE Working Group (WG) chairs, about CVE Records. Discussion topics include the CVE Record Lifecycle, the three “states” of CVE Records

The Council of Roots

Jan 30th, 2024 48m 9s

Learn how CVE Numbering Authority (CNA) partners—ranging from large to small organizations, proprietary and open-source products or projects, disparate business sectors, and different geographic locations—are overseen and supported within the C

How the New CVE Record Format Will Benefit Consumers

Sep 26th, 2023 25m 41s

Shannon Sabens of CrowdStrike and Kent Landfield of Trellix, both of whom are CVE Board members and CVE Working Group chairs, speak about how the new CVE Record format — with its new structured data format and optional information fields — will

Becoming A CNA—Myths versus Facts

Jun 21st, 2023 22m 25s

Host Shannon Sabens of CrowdStrike chats with Julia Turkevich of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) about the myths and facts of partnering with the CVE Program as a CVE Numbering Authority (CNA).Truth and facts ab

Microsoft’s Journey Adopting CVE Services & CVE JSON 5.0

Mar 7th, 2023 30m 8s

Kris Britton of the CVE Program speaks with Lisa Olson of Microsoft about Microsoft’s journey adopting the new CVE Services and CVE JSON 5.0 into their vulnerability management infrastructure and how they used them for the first time as part of

Coordinated Vulnerability Disclosure

Dec 30th, 2022 23m 7s

Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about the recent release of OpenSSF’s “Guidance for Security Researchers to Coordinate Vulnerability Disclosures with Open Source Software Projects” document and the

CNA Mentoring Program: Members Helping Members

Oct 18th, 2022 21m 20s

Host Shannon Sabens of CrowdStrike chats with Tod Beardsley of Rapid7, who is the chair of the CVE Program's CNA Coordination Working Group (CNACWG), about the CNACWG’s "CNA Mentoring Program." Topics discussed include how CVE is a community, h

An Insider’s View of the CVE Program

Sep 27th, 2022 23m 27s

Shannon Sabens of CrowdStrike and Tod Beardsley of Rapid7, both of whom are CVE Board members and CVE Working Group chairs, chat about the CVE Program from their insider’s perspectives.Topics include the value of a federated program of CVE Numb

The Value of Assigning CVEs

Jun 14th, 2022 19m 11s

Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about how and why CVEs are assigned, the value of CVEs in vulnerability management, responsible coordination of vulnerability disclosures, the importance of comprehe

Researchers and PSIRTs Working Well Together

May 3rd, 2022 26m 22s

Shannon Sabens of CrowdStrike and Milind Kulkarni of a NVIDIA discuss what security researchers should expect when reporting vulnerabilities to a Product Security Incident Response Team (PSIRT); how to best to collaborate with them; how to inte

The Latest on Transitioning to CVE Services 2.1 & CVE JSON 5.0

Mar 15th, 2022 22m 44s

Lisa Olson of Microsoft and Kris Britton of the CVE Program speak with Kelly Todd of the CVE Program about the transition that’s currently underway for CVE Numbering Authorities (CNAs) to CVE Services 2.1 and CVE JSON 5.0. Their discussion incl

Enhancing CVE Records as an Authorized Data Publisher

Dec 7th, 2021 27m 45s

Kent Landfield of McAfee and Art Manion of CERT/CC discuss how the CVE Program’s upcoming release of JSON 5.0 will allow for additional and related information to be added to CVE Records after they have been published by CVE Numbering Authoriti

How Red Hat's Active Participation Helps Improve the CVE Program

Nov 20th, 2021 24m 6s

Shannon Sabens of CrowdStrike chats with Peter Allor, Fábio Olivé, and Martin Prpic of Red Hat, which is a long-time CVE Numbering Authority (CNA). The benefits of actively participating as a member of the CVE community are discussed, especiall

CVE Myths versus Facts

Oct 12th, 2021 27m 37s

Episode 9 – Three CVE Board members provide the truth and facts about the following myths about the CVE Program: Myth #1: The CVE Program is run entirely by the MITRE Corporation Myth #2: The CVE Program is controlled by software vendors Myth

CVE Working Groups, What They Are and How They Improve CVE

Sep 2nd, 2021 26m 32s

Our eighth episode is all about how community members actively engage in the six CVE Working Groups (WGs) to help improve quality, automation, processes, and other aspects of the CVE Program as it continues to grow and expand. The chairs and co

Managing Modernization and Automation Changes in the CVE Program

Aug 20th, 2021 22m 29s

Episode 7 – Kelly Todd of the CVE Program speaks with Lisa Olson of Microsoft about managing the modernization and automation changes currently underway in the CVE Program. Topics include the efforts of the newly formed CVE Transition Working G

How the New CVE Record Format Is a Game Changer

Jul 2nd, 2021 25m 14s

Episode 6 – Shannon Sabens of CrowdStrike chats with Chandan Nandakumaraiah of Palo Alto Networks about how the very basic legacy format of CVE Records is being transformed for the future by adding many new optional content fields such as multi

Engaging with CVE's Automated CNA Services

Jun 9th, 2021 32m

Episode 5 – David Waltermire of NVD speaks with Milind Kulkarni of NVIDIA and Kris Britton of the CVE Program to discuss the CVE Program's automated CVE Numbering Authority (CNA) services. Topics include the automation architecture being develo

Interview with Larry Cashdollar - A Researcher's Perspective

Apr 26th, 2021 20m 40s

Episode 4 – Kelly Todd of the CVE Program interviews security researcher Larry Cashdollar about how he got started researching vulnerabilities and his experiences over the years, how he became the CVE Program’s first-ever independent vulnerabil

Partnering with the CVE Program

Mar 31st, 2021 18m 48s

Episode 3 - Shannon Sabens of CrowdStrike speaks with Jo Bazar of the CVE Program, Erin Alexander of CISA ICS, and Tomo Itou of JPCERT/CC about the structure and objectives of the CVE Numbering Authority (CNA) program, what it means to be a Roo

How MongoDB Manages Its CVEs

Mar 1st, 2021 23m 58s

Episode 2 - Chris Sandulow, Boris Sieklik, and Lena Smart from MongoDB discuss their internal processes for managing CVEs, the importance of CVSS scoring to their customers, the benefits experienced from partnering with the CVE Program as a CVE

How CVE, CISA, and NIST work together to manage vulnerabilities

Jan 27th, 2021 22m 28s

Episode 1 - Tod Beardsley of Rapid7, Tom Millar of CISA, Chris Levendis of the CVE Program, and Dave Waltermire of NIST's NVD discuss how their organizations and the community all work together to advance the CVE Program’s mission to identify,

Rate