Host Shannon Sabens of CrowdStrike chats with Benjamin Edwards and Sander Vinberg, both of Bitsight, about analyzing vulnerability data in the CVE List. This is a follow-on to their “CVE Is The Worst Vulnerability Framework (Except For All The Others)” talk at “CVE/FIRST VulnCon 2024.”
Topics discussed include the types of vulnerabilities and vulnerability intelligence they reviewed and the different ways they approached the data; how CVE is a really good framework for compiling information about, and communicating effectively about, vulnerabilities; how increasing the number of CVE Numbering Authorities (CNAs) through federation has improved the quantity and quality of data produced by the program over time; how the overall quality of CVE data will improve for the entire vulnerability management ecosystem as more CNAs include CVSS, CWE, CPE, etc., information when their CVE Records are published; and much, much more!
LINKS:
CVE List - [ Link ]
CVE Record Format - [ Link ]
VulnCon 2024 data analysis talk - [ Link ]
CNAs - [ Link ]
Regarding CNAs including enhanced information in their CVE Records - [ Link ]
CrowdStrike - [ Link ]
Bitsight - [ Link ]