DiscoverWe Speak CVEThe Value of Assigning CVEs
The Value of Assigning CVEs

The Value of Assigning CVEs

Update: 2022-06-14
Share

Description

Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about how and why CVEs are assigned, the value of CVEs in vulnerability management, responsible coordination of vulnerability disclosures, the importance of comprehensiveness in security advisories, and why there is no stigma in a CVE. CVE Numbering Authority (CNA) scopes, disclosure policies, turnaround times, and more are discussed in general, as are GitHub’s specific CNA processes and how it helps open-source projects hosted on GitHub with their CVEs and advisories.

Madison also writes about many of these topics in her blog article, Removing the Stigma of a CVE, on the GitHub Blog.

Comments 
In Channel
The CVE Consumer Working Group (CWG)

The CVE Consumer Working Group (CWG)

2025-10-1420:45

Mapping the Root Causes of CVEs

Mapping the Root Causes of CVEs

2025-08-0523:51

25 Years of CVE and What’s Next

25 Years of CVE and What’s Next

2025-02-0447:29

CNA Onboarding Process Myths Versus Facts

CNA Onboarding Process Myths Versus Facts

2024-10-0124:33

Expected Impact of the CNA Rules 4.0

Expected Impact of the CNA Rules 4.0

2024-05-2137:40

Swimming in Vulns (or, Fun with CVE Data Analysis)

Swimming in Vulns (or, Fun with CVE Data Analysis)

2024-04-2943:32

Meet the 3 New CVE Board Members

Meet the 3 New CVE Board Members

2024-04-0925:49

CVE Records States and Tags

CVE Records States and Tags

2024-03-2633:31

The Council of Roots

The Council of Roots

2024-01-3048:09

How the New CVE Record Format Will Benefit Consumers

How the New CVE Record Format Will Benefit Consumers

2023-09-2625:41

Becoming A CNA—Myths versus Facts

Becoming A CNA—Myths versus Facts

2023-06-2122:25

Microsoft’s Journey Adopting CVE Services & CVE JSON 5.0

Microsoft’s Journey Adopting CVE Services & CVE JSON 5.0

2023-03-0730:08

Coordinated Vulnerability Disclosure

Coordinated Vulnerability Disclosure

2022-12-3023:07

An Insider’s View of the CVE Program

An Insider’s View of the CVE Program

2022-09-2723:27

The Value of Assigning CVEs

The Value of Assigning CVEs

2022-06-1419:11

Researchers and PSIRTs Working Well Together

Researchers and PSIRTs Working Well Together

2022-05-0326:22

Enhancing CVE Records as an Authorized Data Publisher

Enhancing CVE Records as an Authorized Data Publisher

2021-12-0727:45

How Red Hat's Active Participation Helps Improve the CVE Program

How Red Hat's Active Participation Helps Improve the CVE Program

2021-11-2024:06

CVE Myths versus Facts

CVE Myths versus Facts

2021-10-1227:37

CVE Working Groups, What They Are and How They Improve CVE

CVE Working Groups, What They Are and How They Improve CVE

2021-09-0226:32

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

The Value of Assigning CVEs

The Value of Assigning CVEs

CVE Program