There are infinite vulnerabilities out there that make us susceptible to instances of cyberattack, and as of this year, we’re on track to having identified 20,000 of them. While there’s a whole risk mitigation ecosystem in place, CVE (formerly known as the Common Vulnerabilities and Exposures Program) has played a huge role in establishing a dictionary-esque database with IDs and definitions for each known vulnerability.
On today’s episode of What That Means, Camille is joined by returning guest Katie Trimble-Noble (Director, PSIRT & Bug Bounty at Intel) to describe the critical nature of CVE in greater detail.
- The origins and evolution of CVE (formerly known as the Common Vulnerabilities and Exposures Program)
- Why CVE matters, and what it does and doesn’t do
- How NVD (the National Vulnerability Database) and CVSS (the Common Vulnerability Scoring System) differ from and apply to CVE
- How risk severity is actually scored
- Who and what CVE Naming Authorities (CNA) are, and why they’re important
- And more
Really interesting stuff, so tune in!
And if you like what you hear, catch an earlier conversation Camille had with Katie in WTM Episode 26: Bug Bounty and Crowdsourced Security; Alexander (RoRo) Romero joins them for a great discussion, and you don’t want to miss it: https://bit.ly/3mv9yVr