Members of the CVE community recently gathered together virtually for the “CVE Global Summit Fall 2021” to discuss CVE and cybersecurity, best practices, lessons learned, new opportunities, and more.

The CVE Program holds global summits twice per year, in the spring and fall. Summit participants include representatives from CVE Numbering Authorities (CNAs), CVE Board members, and CVE Working Groups (WGs) participants. Members of the wider cybersecurity community are welcome to participate by requesting to join one or more of these three CVE Working Groups — Automation, Outreach and Communications, and Quality — to help shape CVE work flow and other processes, as well as to attend future global summits.

A Collaborative Community Event Focused on Improving CVE

The summit is a way for the community to regularly collaborate on specific topics in a focused manner. Discussions are always informative and many sessions result in lively and interesting discussion among community members. Sessions focused on lessons learned benefit CNAs and all community members by providing useful takeaways, while sessions focused on real-world challenges often result in creative recommendations from community member that directly impact and enhance the CVE Program.

Topics the community discussed at the “CVE Global Summit Fall 2021” included:

Day 1

• Introduction & State of the CVE Program – current status, improvements, and other advancements that the program has achieved this year
• CNA Workshop: “CVE Services 2.x for End Users” – using the new CVE Services 2.x, focusing on end users; using JSON 5.0; using the APIs; and more
• Enabling the Future for the CVE Program – a presentation about the longer-term goals of automation and how it enables the federated CVE model’s operations
• SSVC ADP Pilot – the purpose of this session is to describe the “CVE Authorized Data Publisher (ADP) Pilot” that is preparing to start, including describing the approach the overall pilot is taking, the use of stakeholder-specific vulnerability (SSVC), description of SSVC, and the intended outcomes
• CVE Program Listening Session: Right, Wrong, Up, & Down – an open, timed forum of topics relevant to the CVE Program

Day 2

• Root Roundup Discussion Panel – Top-Level Roots and Roots discuss what they have what have learned about, and needs they may, have from the program
• Working Group Highlights – highlights from the CVE Working Groups (WGs), what they do and how to get involved: Automation (AWG); CNA Coordination (CNACWG); Outreach and Communications (OCWG); Quality (QWG); Strategic Planning (SPWG); and the temporary Transition (TWG)
• Open Discussion on Program Topics – moderated discussions about a variety of topics of concern to the assembled CNAs

We thank everyone who participated in this two-day virtual event.

Interested in Joining the CVE Community?

You can become a member of the CVE community by joining a Working Group or by encouraging your organization to partner with the CVE Program as a CNA. CVE Working Groups that welcome members of the general public include Automation, Outreach and Communications, and Quality.

To start the process, please use the CVE Program Request forms and select “Other” from the dropdown menu to express how you’d like to be involved. We look forward to hearing from you!