The purpose of this blog is to establish a dialogue and get your input on issues and topics important to CVE. We encourage you to use Medium, LinkedIn, or Twitter to comment on, share, or like a post. Right-click and copy here to share this article from the CVE website.

CVE Global Summit – Spring 2021

Share or comment

Members of the CVE community recently gathered together virtually for the “CVE Global Summit – Spring 2021” to discuss CVE and cybersecurity, best practices, lessons learned, new opportunities, and more.

The CVE Program holds global summits twice per year, in the spring and fall. Summit participants include representatives from CVE Numbering Authorities (CNAs), CVE Board members, and CVE Working Group participants. Members of the wider cybersecurity community are welcome to participate by requesting to join one or more of these three CVE Working Groups—Automation, Outreach and Communications, and Quality—to help shape CVE work flow and other processes, as well as to attend future global summits.

A Collaborative Community Event Focused on Improving CVE

The summit is a way for the community to regularly collaborate on specific topics in a focused manner. Discussions are always informative, and many sessions result in lively and interesting discussion among community members. Sessions focused on lessons learned benefit CNAs and all community members by providing useful takeaways, while sessions focused on real-world challenges often result in creative recommendations from community member that directly impact and enhance the CVE Program.

Topics the community discussed at the “CVE Global Summit – Spring 2021” included:

Day 1

• Summit Welcome and Update on CVE Federation
• NVD’s CVMAP
• Dissecting .Net Vulnerabilities
• Enhancing CVE Identification - The Yocto Project Example
• Authoritative CVE STIX Objects
• JPCERT/CC Root Activities

Day 2

• How Red Hat operates as a CNA
• CVE JSON Schema Version 5.0
• NIS2 and CVE
• Inside the Apache CNA and How We Handle Over 300 Subprojects
• CWE, CAPEC, and ATT&CK Updates
• Considering CVEs for Malware
• Relationships Between CVE IDs and Vulnerability Abstraction

We thank everyone who participated in this two-day virtual event.

Interested in Joining the CVE Community?

You can become a member of the CVE community by joining a Working Group or by encouraging your organization to partner with the CVE Program as a CNA. CVE Working Groups that welcome members of the general public include Automation (AWG), Outreach and Communications (OCWG), and Quality (QWG).

To start the process, please use the CVE Request Web Form and select “Other” from the dropdown menu to express how you would like to be involved. We look forward to hearing from you!

Recent Posts

• Chandan Nandakumaraiah of Palo Alto Networks Joins CVE Board
• We Speak CVE Podcast: Interview with Larry Cashdollar A Researcher’s Perspective
• CVE Program Report for Q1 Calendar Year 2021
• Our CVE Story: An Open-Source, Community-Based Example (guest author)
• We Speak CVE Podcast: Partnering with the CVE Program
• More >>