Swimming in Vulns (or, Fun with CVE Data Analysis)


Episode Artwork
1.0x
0% played 00:00 00:00
Apr 29 2024 43 mins  

Host Shannon Sabens of CrowdStrike chats with Benjamin Edwards and Sander Vinberg, both of Bitsight, about analyzing vulnerability data in the CVE List. This is a follow-on to their “CVE Is The Worst Vulnerability Framework (Except For All The Others)” talk at CVE/FIRST VulnCon 2024.

Topics discussed include the types of vulnerabilities and vulnerability intelligence they reviewed and the different ways they approached the data; how CVE is a really good framework for compiling information about, and communicating effectively about, vulnerabilities; how increasing the number of CVE Numbering Authorities (CNAs) through federation has improved the quantity and quality of data produced by the program over time; how the overall quality of CVE List data will improve for the entire vulnerability management ecosystem as more CNAs include CVSS, CWE, CPE, etc., information when their CVE Records are published; and much, much, more!