We Speak CVE

The Value of Assigning CVEs

June 14, 2022 CVE Program Episode 14
Show Notes

Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about how and why CVEs are assigned, the value of CVEs in vulnerability management, responsible coordination of vulnerability disclosures, the importance of comprehensiveness in security advisories, and why there is no stigma in a CVE. CVE Numbering Authority (CNA) scopes, disclosure policies, turnaround times, and more are discussed in general, as are GitHub’s specific CNA processes and how it helps open-source projects hosted on GitHub with their CVEs and advisories.

Madison also writes about many of these topics in her blog article, Removing the Stigma of a CVE, on the GitHub Blog.