Shannon Sabens of CrowdStrike chats with Peter Allor, Fábio Olivé, and Martin Prpic of Red Hat, which is a long-time CVE Numbering Authority (CNA). The benefits of actively participating as a member of the CVE community are discussed, especially in the CVE Working Groups, which allows Red Hat to directly contribute to enhancing CVE automation and quality, as well as strategic planning for future improvements.
Specific topics include Red Hat being a resource for other CNAs, particularly for open-source vendors and projects; the industry-wide value of the upcoming CVE Record JSON Schema to be a universal vulnerability representation; automation of CNA processes and the upcoming release of CVE Services 2.0; Red Hat’s development of a free API, cvelib, for use by all CNAs that can help them interact with the automated services; and more.
CVE® - https://www.cve.org/
Red Hat - https://www.redhat.com/
CrowdStrike - https://www.crowdstrike.com/
CVE Working Groups - https://www.cve.org/ProgramOrganization/WorkingGroups
How to become a CNA - https://www.cve.org/PartnerInformation/Partner#HowToBecomeAPartner