Podcast

“We Speak CVE” is a free podcast about cybersecurity, vulnerability management, and the CVE Program. Listen as an MP3, on YouTube, and on major podcast directories such as Spotify, Stitcher, Google Podcasts, Apple Podcasts, iHeartRadio, Podcast Addict, Podchaser, Pocket Casts, Deezer, Listen Notes, Player FM, and Podcast Index, among others.


CVE Working Groups, What They Are and How They Improve CVE - Episode 8    YouTube | MP3

Our eighth episode is all about how community members actively engage in the six CVE Working Groups (WGs) to help improve quality, automation, processes, and other aspects of the CVE Program as it continues to grow and expand. The chairs and co-chairs of each WG, each of whom is an active member of the CVE community, chat about their WG’s overall mission, current work, and future plans. Discussion begins with the Transition (TWG), a temporary WG focused on managing the numerous modernization, automation, and process transitions currently underway in the CVE Program. Each of the five main WGs is then discussed in turn: Strategic Planning (SPWG), CNA Coordination (CNACWG), Quality (QWG), Automation (AWG), and Outreach and Communications (OCWG). How and why to participate, and the impact individuals can make on the program, are also included.

Managing Modernization and Automation Changes in the CVE Program - Episode 7    YouTube | MP3

In our seventh episode, Kelly Todd of the CVE Program speaks with Lisa Olson of Microsoft about managing the modernization and automation changes currently underway in the CVE Program. Topics include the efforts of the newly formed CVE Transition Working Group (Lisa, a CVE Board member, is co-chair); automation of CVE ID assignment and CVE Record publishing for CVE Numbering Authorities (CNAs), including the availability of free APIs and other improvements on the way; the upcoming new version release of JSON for the CVE Record format to enhance the data associated with a record; the upcoming availability of program metrics for the CVE community, as well as customized dashboards for use by CNAs; and the upcoming launch of a new and more modern CVE website using a new URL, cve.org; among other program improvements. In addition, Lisa discusses the benefits of partnering with the CVE Program as a CNA and of being a member of the global CNA community.

How the New CVE Record Format Is a Game Changer - Episode 6    YouTube | MP3

In our sixth episode, Shannon Sabens of CrowdStrike chats with Chandan Nandakumaraiah of Palo Alto Networks about how the very basic legacy format of CVE Records is being transformed for the future by adding many new optional content fields such as multiple severity scores, credit for researchers, additional languages, ability for community contributions, etc., to make CVE Records even more valuable. The use of JSON for the new format and how that enables automation for both CNA publishers and CVE content consumers are also discussed, as are the use and availability of the CVE Program’s automated CVE Numbering Authority (CNA) tools for 24/7 CVE ID assignment, CVE Record publishing, and CVE Record updating over time. In addition, Chandan discusses the highly useful and free online Vulnogram tool for CNAs that he developed, as well as the benefits of partnering with the CVE Program as a CNA and how participating in the CVE Working Groups (WG), especially the Quality (Chandan is co-chair) and Automation WGs, helps position CVE for a more automated and productive future.

Engaging with CVE’s Automated CNA Services - Episode 5    YouTube | MP3

In our fifth episode, David Waltermire of NVD speaks with Milind Kulkarni of NVIDIA and Kris Britton of the CVE Program to discuss the CVE Program’s automated CVE Numbering Authority (CNA) services. Topics include the automation architecture being developed and deployed by the CVE Automation Working Group (AWG); the benefits of using JSON for the CVE Record format; how automation simplifies and increases the speed of CNA processes; the currently deployed CVE ID Reservation (IDR) service; the upcoming release of the CVE Record Submission and Upload (RSUS) service; and future automation plans.

Interview with Larry Cashdollar, A Researcher’s Perspective - Episode 4    YouTube | MP3

In our fourth episode, Kelly Todd of the CVE Program interviews security researcher Larry Cashdollar about how he got started researching vulnerabilities and his experiences over the years, how he became the CVE Program’s first-ever independent vulnerability researcher CVE Numbering Authority (CNA), best practices, and the benefits of being able to assign his own CVE IDs to the vulnerabilities he discovers.

Partnering with the CVE Program - Episode 3    YouTube | MP3

In our third episode, Shannon Sabens of CrowdStrike speaks with Jo Bazar of the CVE Program, Erin Alexander of CISA ICS, and Tomo Itou of JPCERT/CC about the structure and objectives of the CVE Numbering Authority (CNA) program, what it means to be a Root and a CNA, the benefits of partnering with the CVE Program, and recommendations for organizations considering becoming a Root or CNA.

How MongoDB Manages its CVEs - Episode 2    YouTube | MP3

In our second episode, Chris Sandulow, Boris Sieklik, and Lena Smart from MongoDB discuss their internal processes for managing CVEs, the importance of CVSS scoring to their customers, the benefits experienced from partnering with the CVE Program as a CVE Numbering Authority (CNA), and recommendations for other organizations considering becoming a CNA.

How CVE, CISA, and NIST Work Together to Manage Vulnerabilities - Episode 1    YouTube | MP3

In our first-ever episode, Tod Beardsley of Rapid7, Tom Millar of CISA, Chris Levendis of the CVE Program, and Dave Waltermire of NIST’s NVD discuss how their organizations and the community all work together to advance the CVE Program’s mission to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

Page Last Updated or Reviewed: September 08, 2021