DiscoverWe Speak CVEExpected Impact of the CNA Rules 4.0
Expected Impact of the CNA Rules 4.0

Expected Impact of the CNA Rules 4.0

Update: 2024-05-21
Share

Description

Host Shannon Sabens speaks with Art Manion and Kent Landfield, all three of whom are CVE Board members and CVE Working Group (WG) chairs, about the all-new “CVE® Numbering Authority (CNA) Operational Rules Version 4.0.” 

Topics discussed include the new fundamental concept embedded throughout the rules called the “right of refusal”; how CVE assignment is technology neutral (i.e., cloud, artificial intelligence, etc.); end-of-life assignments; the dispute process; how CNAs can add additional data to their CVE Records such as CVSS, CWE, and CPE information at the time of disclosure for use by downstream consumers; and the expected positive impact of the rules on CNAs and the vulnerability management ecosystem. 

CNA Rules v4.0 - https://www.cve.org/ResourcesSupport/AllResources/CNARules 

 

Comments 
In Channel
The CVE Consumer Working Group (CWG)

The CVE Consumer Working Group (CWG)

2025-10-1420:45

Mapping the Root Causes of CVEs

Mapping the Root Causes of CVEs

2025-08-0523:51

25 Years of CVE and What’s Next

25 Years of CVE and What’s Next

2025-02-0447:29

CNA Onboarding Process Myths Versus Facts

CNA Onboarding Process Myths Versus Facts

2024-10-0124:33

Expected Impact of the CNA Rules 4.0

Expected Impact of the CNA Rules 4.0

2024-05-2137:40

Swimming in Vulns (or, Fun with CVE Data Analysis)

Swimming in Vulns (or, Fun with CVE Data Analysis)

2024-04-2943:32

Meet the 3 New CVE Board Members

Meet the 3 New CVE Board Members

2024-04-0925:49

CVE Records States and Tags

CVE Records States and Tags

2024-03-2633:31

The Council of Roots

The Council of Roots

2024-01-3048:09

How the New CVE Record Format Will Benefit Consumers

How the New CVE Record Format Will Benefit Consumers

2023-09-2625:41

Becoming A CNA—Myths versus Facts

Becoming A CNA—Myths versus Facts

2023-06-2122:25

Microsoft’s Journey Adopting CVE Services & CVE JSON 5.0

Microsoft’s Journey Adopting CVE Services & CVE JSON 5.0

2023-03-0730:08

Coordinated Vulnerability Disclosure

Coordinated Vulnerability Disclosure

2022-12-3023:07

An Insider’s View of the CVE Program

An Insider’s View of the CVE Program

2022-09-2723:27

The Value of Assigning CVEs

The Value of Assigning CVEs

2022-06-1419:11

Researchers and PSIRTs Working Well Together

Researchers and PSIRTs Working Well Together

2022-05-0326:22

Enhancing CVE Records as an Authorized Data Publisher

Enhancing CVE Records as an Authorized Data Publisher

2021-12-0727:45

How Red Hat's Active Participation Helps Improve the CVE Program

How Red Hat's Active Participation Helps Improve the CVE Program

2021-11-2024:06

CVE Myths versus Facts

CVE Myths versus Facts

2021-10-1227:37

CVE Working Groups, What They Are and How They Improve CVE

CVE Working Groups, What They Are and How They Improve CVE

2021-09-0226:32

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Expected Impact of the CNA Rules 4.0

Expected Impact of the CNA Rules 4.0

CVE Program