使用Player FM应用程序离线!
How the New CVE Record Format Will Benefit Consumers
Manage episode 378000500 series 2869428
Shannon Sabens of CrowdStrike and Kent Landfield of Trellix, both of whom are CVE Board members and CVE Working Group chairs, speak about how the new CVE Record format — with its new structured data format and optional information fields — will benefit and provide enhanced value to consumers of CVE content moving forward.
Specific topics discussed include how the new CVE Record format will enable more complete vulnerability information to be captured early on in the advisory process and how that will benefit consumers; the ability for CVE content consumers to streamline and more easily automate their use of CVE Records because the data format is standardized and machine-readable; the automated creation and publication of CVE Records by CVE Numbering Authorities (currently, 320+ CNAs from 35+ countries!), which means more quality CVE Records can be produced at a faster pace than ever before for use by the worldwide community; and, for the ability of official CVE Program “Authorized Data Publishers (ADPs)” to enrich the content of already published CVE Records with additional risk scores, affected product lists, versions, references, translations, and so on, (learn more about ADPs in this CVE podcast).
Vulnerability scoring methods for CVE Records are also discussed, including NVD’s use of CVSS, CISA’s Known Exploited Vulnerabilities (KEV) Catalog, and more.
20集单集
Manage episode 378000500 series 2869428
Shannon Sabens of CrowdStrike and Kent Landfield of Trellix, both of whom are CVE Board members and CVE Working Group chairs, speak about how the new CVE Record format — with its new structured data format and optional information fields — will benefit and provide enhanced value to consumers of CVE content moving forward.
Specific topics discussed include how the new CVE Record format will enable more complete vulnerability information to be captured early on in the advisory process and how that will benefit consumers; the ability for CVE content consumers to streamline and more easily automate their use of CVE Records because the data format is standardized and machine-readable; the automated creation and publication of CVE Records by CVE Numbering Authorities (currently, 320+ CNAs from 35+ countries!), which means more quality CVE Records can be produced at a faster pace than ever before for use by the worldwide community; and, for the ability of official CVE Program “Authorized Data Publishers (ADPs)” to enrich the content of already published CVE Records with additional risk scores, affected product lists, versions, references, translations, and so on, (learn more about ADPs in this CVE podcast).
Vulnerability scoring methods for CVE Records are also discussed, including NVD’s use of CVSS, CISA’s Known Exploited Vulnerabilities (KEV) Catalog, and more.
20集单集
所有剧集
×欢迎使用Player FM
Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。