We Speak CVE

Microsoft’s Journey Adopting CVE Services & CVE JSON 5.0

CVE Program Episode 18

Kris Britton of the CVE Program speaks with Lisa Olson of Microsoft about Microsoft’s journey adopting the new CVE Services and CVE JSON 5.0 into their vulnerability management infrastructure and how they used them for the first time as part of Microsoft’s February 2023 Patch Tuesday.

Discussion topics include the CVE JSON 5.0 schema mind map and other schema resources on GitHub; reviewing CVE JSON 5.0 records on the CVE.ORG website; using Vulnogram, or one of the other CVE Services clients, for creating, editing, and reviewing CVE JSON 5.0 records; leveraging the CVE Services Test Environment (learn more here); how separate credentials are required for the official CVE Services and the CVE Services Test Environment; learning about CVE Services and CVE JSON 5.0 updates by attending Automation Working Group (AWG), Quality Working Group (QWG), and CNA Coordination Working Group (CNACWG) meetings; leveraging the CVE Services Slack channel for support; and more.

Resources mentioned in the podcast: https://www.cve.org/Media/News/item/podcast/2023/03/08/Microsofts-Journey-CVE-Services-CVE-JSON-5