
64. What That Means with Camille: Risk Mitigation and Vulnerability Disclosures
Ngarama
Description
<p>There are infinite vulnerabilities out there that make us susceptible to instances of cyberattack, and as of this year, we’re on track to have identified 20,000 of them. While there’s a whole risk mitigation ecosystem in place, CVE (formerly known as the Common Vulnerabilities and Exposures Program) has played a huge role in establishing a dictionary-esque database with IDs and definitions for each known vulnerability.</p>
<p>On this episode of What That Means, Camille is joined by returning guest Katie Trimble-Noble (Intel - Director, PSIRT &amp; Bug Bounty) to describe the critical nature of CVE in greater detail.</p>
<p>They cover:</p>
<p>- The origins and evolution of CVE (formerly known as the Common Vulnerabilities and Exposures Program)</p>
<p>- Why CVE matters, and what it does and doesn’t do</p>
<p>- How NVD (the National Vulnerability Database) and CVSS (the Common Vulnerability Scoring System) differ from and apply to CVE</p>
<p>- How risk severity is actually scored</p>
<p>- Who and what CVE Naming Authorities (CNA) are, why they’re important, and the process of becoming one</p>
<p>... and more. Really interesting stuff, so tune in!</p>
<p>*And if you like what you hear, catch an earlier conversation Camille had with Katie in WTM Episode 26: Bug Bounty and Crowdsourced Security; Alexander (RoRo) Romero joins them for a great discussion, and you don’t want to miss it: <a href="https://bit.ly/3mv9yVr">https://bit.ly/3mv9yVr</a></p>
<p><em>The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.