A Clarification on CVE Records with a DISPUTED Tag | allinfosecnews.com

Jan. 30, 2024, 10:04 p.m. | CVE Program Blog

Stories by CVE Program Blog on Medium medium.com

By Shannon Sabens, CVE Board member and Outreach and Communications Working Group (OCWG) Co-Chair

Several years ago, it was clear to the CVE Board that we would need a specific process for the inevitable disputes that may arise around vulnerability reporting. Potential scenarios may be obvious to many, but a basic example would be when a finder reports a potential vulnerability to a vendor/maintainer that agrees a bug exists but disagrees that it’s a potential security hole.

CVE Record Dispute …

cybersecurity information security infosec vulnerability vulnerability management

More from medium.com / Stories by CVE Program Blog on Medium

We Speak CVE Podcast — “Expected Impact of the CNA Rules 4.0” 1 week, 4 days ago | medium.com

artificial intelligence cloud computing information technology vulnerability +1

Videos from “CVE/FIRST VulnCon 2024” Now Available 2 weeks, 4 days ago | medium.com

channel cve cybersecurity global +13

CVE Record Format Version 5.1.0 and CVE Services Version 2.3.0 Now Available 3 weeks, 2 days ago | medium.com

cve cybersecurity information information security +9

CNA Rules Version 4.0 Update and Transition 3 weeks, 4 days ago | medium.com

authority board board members cna +20

Support for Legacy CVE Download Formats to End on June 30, 2024 1 month ago | medium.com

csv cve cybersecurity download +12

We Speak CVE Podcast — “Swimming in Vulns (or, Fun with CVE Data Analysis)” 1 month ago | medium.com

cybersecurity information security information technology vulnerability +1

New CVE Record Format Enables Additional Data Fields at Time of Disclosure 1 month ago | medium.com

cve cybersecurity data disclosure +14

We Speak CVE Podcast — “Meet the 3 New CVE Board Members” 1 month, 3 weeks ago | medium.com

cybersecurity information security information technology vulnerability +1

Our CVE Story: Ericsson’s Journey as a CVE Numbering Authority (CNA) 1 month, 4 weeks ago | medium.com

authority authors cna cve +26

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com