We Speak CVE
A free podcast about cybersecurity, vulnerability management, and the CVE Program.
We Speak CVE
(ARCHIVED) - The Latest on Transitioning to CVE Services 2.1 & CVE JSON 5.0
****IMPORTANT NOTE: The content of this episode is out of date. It has been removed from public access to avoid causing confusion for listeners.***
Lisa Olson of Microsoft and Kris Britton of the CVE Program speak with Kelly Todd of the CVE Program about the transition that’s currently underway for CVE Numbering Authorities (CNAs) to CVE Services 2.1 and CVE JSON 5.0. Their discussion includes how the new services and data format will enable effective and secure automation, improve workflows, and reduce the transaction costs of program participation for CNAs, as well as provide enhanced information in CVE Records for use by downstream consumers.
Specific topics include how the CVE Services 2.1 web application adds the CVE Record Submission and Upload Service (RSUS) for publishing CVE Records and updating them over time to the previously released CVE ID Reservation (IDR) service, and how these two services will work effectively together for CNAs. Also discussed is how the new CVE JSON 5.0 data format provides the ability for CNAs to be more consistent with handling product versioning in CVE Records, among numerous other data enhancements to CVE Records; the programmatic conversion of CVE Records from JSON 4.0 to 5.0 and what is needed from CNAs regarding their converted records; the plan for an interactive, hands-on “CVE Global Summit 2022” to make the transition to the new the services and data format easier for CNAs; the planned deployment process and schedule; and more.