We Speak CVE
A free podcast about cybersecurity, vulnerability management, and the CVE Program.
We Speak CVE
Becoming A CNA—Myths versus Facts
Host Shannon Sabens of CrowdStrike chats with Julia Turkevich of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) about the myths and facts of partnering with the CVE Program as a CVE Numbering Authority (CNA).
Truth and facts about the following myths are discussed:
Myth #1: Only a specific category of software vendors can become CNAs.
Myth #2: Organizations cannot leverage their existing vulnerability management and disclosure processes when they become a CNA.
Myth #3: The requirements for becoming a CNA are overwhelming and extensive.
Myth #4: A fee is required to become a CNA.
Myth #5: The CNA onboarding process is too complicated and time-consuming.
Myth #6: Organizations cannot choose the Top-Level Root or Root they want to work with.
The purpose and overall structure of the CVE Program and CISA's role in recruiting and managing CNAs within its Top-Level Root scope of industrial control system (ICS) and operation technology (OT) are also discussed.
LINKS: