Why CVE is Like the Webster’s Dictionary of Known Vulnerabilities | Intel Business

There are infinite vulnerabilities out there that leave us susceptible to cyberattack, and as of this year, we’re on track to have identified 20,000 of them. While there’s a whole risk mitigation ecosystem in place, CVE (formerly known as the Common Vulnerabilities and Exposures Program) has played a huge role in establishing a dictionary-esque database with IDs and definitions for each known vulnerability.

On today’s episode of What That Means, Camille is joined by returning guest Katie Trimble-Noble (Director, PSIRT & Bug Bounty at Intel) to describe the critical nature of CVE in greater detail.

You’ll learn:

  • The origins and evolution of CVE (formerly known as the Common Vulnerabilities and Exposures Program)
  • Why CVE matters, and what it does and doesn’t do
  • How NVD (the National Vulnerability Database) and CVSS (the Common Vulnerability Scoring System) differ from and apply to CVE
  • How risk severity is actually scored
  • Who and what CVE Naming Authorities (CNA) are, and why they’re important
  • And more

Really interesting stuff, so tune in!

And if you like what you hear, catch an earlier conversation Camille had with Katie in WTM Episode 26: Bug Bounty and Crowdsourced Security; Alexander (RoRo) Romero joins them for a great discussion, and you don’t want to miss it: