Kent Landfield of McAfee and Art Manion of CERT/CC discuss how the CVE Program’s upcoming release of JSON 5.0 will allow for additional and related information to be added to CVE Records after they have been published by CVE Numbering Authorities (CNAs). These additions — such as risk scores, affected product lists, versions, references, translations, etc. — will be made by “Authorized Data Publishers (ADPs),” which will be organizations authorized within the CVE Program to enrich the records. Also discussed are the benefits of enriched CVE Records to downstream users and the overall vulnerability management community, the use of Stakeholder-specific Vulnerability Categorization (SSVC), and plans and expectations for the upcoming ADP pilot.
CVE Program –
https://www.cve.org/ JSON 5.0 –
https://github.com/CVEProject/cve-schema CERT/CC –
https://www.cert.org/ McAfee –
https://www.mcafee.com/ How to Partner with the CVE Program –
https://www.cve.org/PartnerInformation/Partner#HowToBecomeAPartner