1. CVE Program Overview
   CVE Team
2. Overview
   - What Is CVE?
   - CVE Program Goals
   - Who Operates CVE?
   - CVE Program Organization
3. CVE Program Goals
   Goal 1: Scale the CVE Program for broader adoption and coverage
   - Adoption in new domains leads to greater coverage
   - Coverage leads to broader community participation (i.e., new CNAs and researchers), which distributes the CVE workload, enables federation, and provides greater utility to consumers
   Goal 2: Produce more CVE Records, faster (i.e., the drive towards real-time)
   - More CVE Records (formerly called “CVE Entries”) are produced as additional CNAs are onboarded
   - Faster CVE Record population due to less complexity, clear guidelines, and flexible/automated infrastructure enables early-stage vulnerability management/coordination and effective cyber hygiene
4. What Is CVE?
   - CVE® is an international, community-based effort that maintains a community-driven, open data registry of publicly known cybersecurity vulnerabilities (CVE List)
   - The CVE Identifiers (CVE IDs) assigned through the registry enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks
   - CVE IDs are assigned by CVE Numbering Authorities (CNAs), which are operated on a voluntary basis by participating organizations
   - CVE is the de facto international standard for identifying vulnerabilities
   - The CVE List feeds the U.S. National Vulnerability Database (NVD)
5. Who Operates CVE?
   - The MITRE Corporation operates the CVE Program, which is funded by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Vulnerability Management Component (VMC)
   - The MITRE Corporation is funded to operate and evolve the CVE Program as an independent, objective third party:
   Evolve
   - Transition from a hub-and-spoke to a federated governance and operational model to keep pace with the proliferation of vulnerabilities
   - Modernize the program infrastructure
   Operate
   - Produce CVE Records for products not covered by another CVE Numbering Authority (CNA)
   - Adjudicate disputes for CVE Records and CNA scope issues
   - Establish and implement operational guidance
   - Maintain the program infrastructure
   - Moderate stakeholder discussions
6. CVE Program Organization
7. CVE Board
   [Organization chart: CVE Board; DHS CISA (Sponsor Organization); MITRE (Top-Level Root, Secretariat, CNA-LR); Root CNA; Sub-CNAs]
8. Program Sponsor
   [Organization chart: CVE Board; DHS CISA VMC (Sponsor Organization); MITRE (Top-Level Root, Secretariat, CNA-LR); Root; Sub-CNAs]
9. Top-Level Root (formerly “Program Root”), Secretariat, CNA-LR
   [Organization chart: CVE Board; DHS CISA VMC (Sponsor Organization); MITRE (Top-Level Root, Secretariat, CNA-LR); Root; Sub-CNAs]
10. Root CNA
   [Organization chart: CVE Board; DHS CISA (Sponsor Organization); MITRE (Top-Level Root, Secretariat, CNA-LR); Root; Sub-CNAs]
11. Sub-CNA
   [Organization chart: CVE Board; DHS CISA (Sponsor Organization); MITRE (Top-Level Root, Secretariat, CNA-LR); Root; Sub-CNAs]
12. Conclusion