Podcast

“We Speak CVE” is a free podcast about cybersecurity, vulnerability management, and the CVE Program. Listen as an MP3, on YouTube, and on major podcast directories such as Spotify, Stitcher, Google Podcasts, Apple Podcasts, iHeartRadio, Podcast Addict, Podchaser, Pocket Casts, Deezer, Listen Notes, Player FM, and Podcast Index, among others.


We Speak CVE podcast episode 6 - How the New CVE Record Format Is a Game Changer How the New CVE Record Format Is a Game Changer - Episode 6    YouTube | MP3

In our sixth episode, Shannon Sabens of CrowdStrike chats with Chandan Nandakumaraiah of Palo Alto Networks about how the very basic legacy format of CVE Records is being transformed for the future by adding many new optional content fields such as multiple severity scores, credit for researchers, additional languages, ability for community contributions, etc., to make CVE Records even more valuable. The use of JSON for the new format and how that enables automation for both CNA publishers and CVE content consumers are also discussed, as are the use and availability of the CVE Program’s automated CVE Numbering Authority (CNA) tools for 24/7 CVE ID assignment, CVE Record publishing, and CVE Record updating over time. In addition, Chandan discusses the highly useful and free online Vulnogram tool for CNAs that he developed, as well as the benefits of partnering with the CVE Program as a CNA and how participating in the CVE Working Groups (WG), especially the Quality (Chandan is co-chair) and Automation WGs, helps position CVE for a more automated and productive future.

We Speak CVE podcast episode 5 - Engaging with CVE’s Automated CNA Services Engaging with CVE’s Automated CNA Services - Episode 5    YouTube | MP3

In our fifth episode, David Waltermire of NVD speaks with Milind Kulkarni of a NVIDIA and Kris Britton of the CVE Program to discuss the CVE Program’s automated CVE Numbering Authority (CNA) services. Topics include the automation architecture being developed and deployed by the CVE Automation Working Group (AWG); the benefits of using JSON for the CVE Record format; how automation simplifies and increases the speed of CNA processes; the currently deployed CVE ID Reservation (IDR) service; the upcoming release of the CVE Record Submission and Upload (RSUS) service; and future automation plans.

We Speak CVE podcast episode 4 - Interview with Larry Cashdollar, A Researcher’s Perspective Interview with Larry Cashdollar A Researcher’s Perspective - Episode 4    YouTube | MP3

In our fourth episode, Kelly Todd of the CVE Program interviews security researcher Larry Cashdollar about how he got started researching vulnerabilities and his experiences over the years, how he became the CVE Program’s first-ever independent vulnerability researcher CVE Numbering Authority (CNA), best practices, and the benefits of being able to assign his own CVE IDs to the vulnerabilities he discovers.

We Speak CVE podcast episode 3 - Partnering with the CVE Program Partnering with the CVE Program - Episode 3    YouTube | MP3

In our third episode, Shannon Sabens of CrowdStrike speaks with Jo Bazar of the CVE Program, Erin Alexander of CISA ICS, and Tomo Itou of JPCERT/CC about the structure and objectives of the CVE Numbering Authority (CNA) program, what it means to be a Root and a CNA, the benefits of partnering with the CVE Program, and recommendations for organizations considering becoming a Root or CNA.

We Speak CVE podcast episode 2 - How MongoDB manages its CVEs How MongoDB Manages its CVEs - Episode 2    YouTube | MP3

In our second episode, Chris Sandulow, Boris Sieklik, and Lena Smart from MongoDB discuss their internal processes for managing CVEs, the importance of CVSS scoring to their customers, the benefits experienced from partnering with the CVE Program as a CVE Numbering Authority (CNA), and recommendations for other organizations considering becoming a CNA.

We Speak CVE podcast episode 1 - How CVE, CISA, and NIST work together to manage vulnerabilities How CVE, CISA, and NIST Work Together to Manage Vulnerabilities - Episode 1    YouTube | MP3

In our first-ever episode, Tod Beardsley of Rapid7, Tom Millar of CISA, Chris Levendis of the CVE Program, and Dave Waltermire of NIST’s NVD discuss how their organizations and the community all work together to advance the CVE Program’s mission to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

Page Last Updated or Reviewed: July 12, 2021