Episode 6 – Shannon Sabens of CrowdStrike chats with Chandan Nandakumaraiah of Palo Alto Networks about how the very basic legacy format of CVE Records is being transformed for the future by adding many new optional content fields such as multiple severity scores, credit for researchers, additional languages, ability for community contributions, etc., to make CVE Records even more valuable. The use of JSON for the new format and how that enables automation for both CNA publishers and CVE content consumers are also discussed, as are the use and availability of the CVE Program’s automated CVE Numbering Authority (CNA) tools for 24/7 CVE ID assignment, CVE Record publishing, and CVE Record updating over time. In addition, Chandan discusses the highly useful and free online Vulnogram tool for CNAs that he developed, as well as the benefits of partnering with the CVE Program as a CNA and how participating in the CVE Working Groups (WG), especially the Quality (Chandan is co-chair) and Automation WGs, helps position CVE for a more automated and productive future.
CVE® - https://cve.mitre.org/
Palo Alto Networks - https://www.paloaltonetworks.com/
CrowdStrike - https://www.crowdstrike.com/
Vulnogram - https://vulnogram.github.io/
How to become a CNA - https://cve.mitre.org/cve/cna.html#become_a_cna
CVE Working Groups - https://cve.mitre.org/working_groups.html