Lifecycle of a CVE in the context of a CAN

Wednesday 19 March, 11:20 am - 12:00 pm
Location
Derwent Room

Speakers

Medha Mishra

Senior Application Security Engineer
Papercut Software

Synopsis

While we all rely on CVEs in the cybersecurity industry to assess impact and risk within our environments, the process of actually publishing a CVE is not very visible to most within the industry. Australia as a whole has very few organisations proactively publishing CVEs for their own software products. This session will cover how CVEs are published and who can publish them.

It will include information about:

  • How you can get CVEs published for vulnerabilities discovered in products owned by your organisation.
  • What qualifies to become a CVE.
  • Who approves the contents of a CVE listing, with a quick view inside the process of publishing CVEs.
  • The CNA (CVE Numbering Authority) program that allows organisations to publish CVEs.
  • What CNAs do as part of the CNA program.
  • How and why to participate in the CNA program.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.