Episode 9 – Three CVE Board members provide the truth and facts about the following myths about the CVE Program: 
 
 Myth #1: The CVE Program is run entirely by the MITRE Corporation
 Myth #2: The CVE Program is controlled by software vendors
 Myth #3: The CVE Program doesn’t cover enough types of vulnerabilities
 Myth #4: The CVE Program is responsible for assigning vulnerability severity scores 
 
 CVE Program – https://www.cve.org
 CVE Board – https://www.cve.org/ProgramOrganization/Board 

Our eighth episode is all about how community members actively engage in the six CVE Working Groups (WGs) to help improve quality, automation, processes, and other aspects of the CVE Program as it continues to grow and expand. The chairs and co-chairs of each WG, each of whom is an active member of the CVE community, chat about their WG’s overall mission, current work, and future plans.

Discussion begins with the Transition (TWG), a temporary WG focused on managing the numerous modernization, automation, and process transitions currently underway in the CVE Program. Each of the five main WGs are then discussed in turn: Strategic Planning (SPWG), CNA Coordination (CNACWG), Quality (QWG), Automation (AWG), and Outreach and Communications (OCWG).

How and why to participate, and the impact individuals can make on the program, are also included.

CVE WG details and membership info – https://cve.mitre.org/working_groups.html
CNAs – https://cve.mitre.org/cve/cna.html
How to become a CNA – https://cve.mitre.org/cve/cna.html#become_a_cna
CVE Board – https://cve.mitre.org/community/board/index.html
CVE Program – https://cve.mitre.org
 

Episode 7 – Kelly Todd of the CVE Program speaks with Lisa Olson of Microsoft about managing the modernization and automation changes currently underway in the CVE Program. Topics include the efforts of the newly formed CVE Transition Working Group (Lisa, a CVE Board member, is co-chair); automation of CVE ID assignment and CVE Record publishing for CVE Numbering Authorities (CNAs), including the availability of free APIs and other improvements on the way; the upcoming new version release of JSON for the CVE Record format to enhance the data associated with a record; the upcoming availability of program metrics for the CVE community, as well as customized dashboards for use by CNAs; the upcoming launch of a new and more modern CVE website using a new url, cve.org; among other program improvements. In addition, Lisa discusses the benefits of partnering with the CVE Program as a CNA and of being a member of the global CNA community.

CVE® - https://cve.mitre.org/
Microsoft - https://www.microsoft.com/
MSRC - https://microsoft.com/msrc
CVE Working Groups - https://cve.mitre.org/working_groups.html
How to become a CNA - https://cve.mitre.org/cve/cna.html#become_a_cna

Episode 6 – Shannon Sabens of CrowdStrike chats with Chandan Nandakumaraiah of Palo Alto Networks about how the very basic legacy format of CVE Records is being transformed for the future by adding many new optional content fields such as multiple severity scores, credit for researchers, additional languages, ability for community contributions, etc., to make CVE Records even more valuable. The use of JSON for the new format and how that enables automation for both CNA publishers and CVE content consumers are also discussed, as are the use and availability of the CVE Program’s automated CVE Numbering Authority (CNA) tools for 24/7 CVE ID assignment, CVE Record publishing, and CVE Record updating over time. In addition, Chandan discusses the highly useful and free online Vulnogram tool for CNAs that he developed, as well as the benefits of partnering with the CVE Program as a CNA and how participating in the CVE Working Groups (WG), especially the Quality (Chandan is co-chair) and Automation WGs, helps position CVE for a more automated and productive future.
 
CVE®  - https://cve.mitre.org/
Palo Alto Networks - https://www.paloaltonetworks.com/ 
CrowdStrike - https://www.crowdstrike.com/
Vulnogram - https://vulnogram.github.io/
How to become a CNA - https://cve.mitre.org/cve/cna.html#become_a_cna
CVE Working Groups - https://cve.mitre.org/working_groups.html 

Episode 5 – David Waltermire of NVD speaks with Milind Kulkarni of NVIDIA and Kris Britton of the CVE Program to discuss the CVE Program's automated CVE Numbering Authority (CNA) services. Topics include the automation architecture being developed and deployed by the CVE Automation Working Group (AWG); the benefits of using JSON for the CVE Record format; how automation simplifies and increases the speed of CNA processes; the currently deployed CVE ID Reservation (IDR) service; the upcoming release of the CVE Record Submission and Upload (RSUS) service; and future automation plans. 

CVE automated services on GitHub - https://github.com/CVEProject 
CVE AWG - https://cve.mitre.org/working_groups.html#awg
NVD - https://nvd.nist.gov/
NVIDIA - https://www.nvidia.com/
How to become a CNA - https://cve.mitre.org/cve/cna.html#become_a_cna

Episode 4 – Kelly Todd of the CVE Program interviews security researcher Larry Cashdollar about how he got started researching vulnerabilities and his experiences over the years, how he became the CVE Program’s first-ever independent vulnerability researcher CVE Numbering Authority (CNA), best practices, and the benefits of being able to assign his own CVE IDs to the vulnerabilities he discovers.
 
CVE - https://cve.mitre.org/
Larry Cashdollar - https://twitter.com/_larry0

Episode 3 - Shannon Sabens of CrowdStrike speaks with Jo Bazar of the CVE Program, Erin Alexander of CISA ICS, and Tomo Itou of JPCERT/CC about the structure and objectives of the CVE Numbering Authority (CNA) program, what it means to be a Root and a CNA, the benefits of partnering with the CVE Program, and recommendations for organizations considering becoming a Root or CNA.
 
CVE - https://cve.mitre.org/ 
CISA - https://www.cisa.gov/ 
CrowdStrike - https://www.crowdstrike.com/
JPCERT/CC - https://www.jpcert.or.jp/vh/index.html
How to become a CNA - https://cve.mitre.org/cve/cna.html#become_a_cna

Episode 2 - Chris Sandulow, Boris Sieklik, and Lena Smart from MongoDB discuss their internal processes for managing CVEs, the importance of CVSS scoring to their customers, the benefits experienced from partnering with the CVE Program as a CVE Numbering Authority (CNA), and recommendations for other organizations considering becoming a CNA. 

Episode 1 - Tod Beardsley of Rapid7, Tom Millar of CISA, Chris Levendis of the CVE Program, and Dave Waltermire of NIST's NVD discuss how their organizations and the community all work together to advance the CVE Program’s mission to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.