We Speak CVE

How Red Hat's Active Participation Helps Improve the CVE Program

November 19, 2021 CVE Program Episode 10
We Speak CVE
How Red Hat's Active Participation Helps Improve the CVE Program
Show Notes

Shannon Sabens of CrowdStrike chats with Peter Allor, Fábio Olivé, and Martin Prpic of Red Hat, which is a long-time CVE Numbering Authority (CNA). The benefits of actively participating as a member of the CVE community are discussed, especially in the CVE Working Groups, which allows Red Hat to directly contribute to enhancing CVE automation and quality, as well as strategic planning for future improvements.

Specific topics include Red Hat being a resource for other CNAs, particularly for open-source vendors and projects; the industry-wide value of the upcoming CVE Record JSON Schema to be a universal vulnerability representation; automation of CNA processes and the upcoming release of CVE Services 2.0; Red Hat’s development of a free API, cvelib, for use by all CNAs that can help them interact with the automated services; and more.

CVE® - https://www.cve.org/
Red Hat - https://www.redhat.com/
CrowdStrike - https://www.crowdstrike.com/
CVE Working Groups - https://www.cve.org/ProgramOrganization/WorkingGroups
How to become a CNA - https://www.cve.org/PartnerInformation/Partner#HowToBecomeAPartner