We Speak CVE
A free podcast about cybersecurity, vulnerability management, and the CVE Program.
We Speak CVE
Enhancing CVE Records as an Authorized Data Publisher
Kent Landfield of McAfee and Art Manion of CERT/CC discuss how the CVE Program’s upcoming release of JSON 5.0 will allow for additional and related information to be added to CVE Records after they have been published by CVE Numbering Authorities (CNAs). These additions — such as risk scores, affected product lists, versions, references, translations, etc. — will be made by “Authorized Data Publishers (ADPs),” which will be organizations authorized within the CVE Program to enrich the records. Also discussed are the benefits of enriched CVE Records to downstream users and the overall vulnerability management community, the use of Stakeholder-specific Vulnerability Categorization (SSVC), and plans and expectations for the upcoming ADP pilot.