|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVE at Black Hat and DEF CON
- To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Subject: CVE at Black Hat and DEF CON
- From: "Adinolfi, Daniel R" <dadinolfi@mitre.org>
- Date: Thu, 10 Aug 2017 20:13:22 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=mitre.org;
- Delivery-date: Thu Aug 10 17:04:36 2017
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
- Spamdiagnosticoutput: 1:2
- Thread-index: AQHTEhUdMobYk62SoEm+ARNcfuaElw==
- Thread-topic: CVE at Black Hat and DEF CON
- User-agent: Microsoft-MacOutlook/f.24.0.170702
|
Folks, Anthony Singleton and I represented the CVE program at Black Hat and DEF CON this year. Overall, the trip was successful, as our goals were to present to the DEF CON community about the
CVE program, hold a CNA Meet-up during Black Hat, and raise general awareness of CVE at both events. Anthony and I presented "CVE IDs and How to Get Them" at the Wall of Sheep at DEF CON. We had an attentive and friendly audience of about 50-60 people. We answered a number of questions,
and the technical level of our talk was correct for the crowd. We had a few people stick around and ask questions or complement our talk at the end, and CVE stickers were popular. Our presentation can be found here: <http://cve.mitre.org/CVEIDsAndHowToGetThem.pdf> The CNA Meet-up was a success as well. We had representatives from 13 CNAs from around the world. The conversation was light and friendly, and I took the opportunity to thank them for
their participation and assistance. They seemed positive about the CNA program in general. These companies were represented: Adobe Siemens Qihoo 360 JPCERT/CC Cisco Brocade Juniper Synology F5 Networks Akamai IBM HackerOne Elastic During both conferences, Anthony and I talked to dozens of vendors and vulnerability researchers. We answered questions about the program and encouraged everyone to submit CVE requests
or join the CNA program. We also talked to researchers about what information is available through CVE and encouraged them to reach out to us to discuss what other metadata may be useful for the community. As usual, I have a stack of business cards that I
will go through to keep in communication with these stakeholders. Based on the presentations and hallway conversations, there continues to be a lot of work going on in the vulnerability research space. Bug bounties were a big topic at Black Hat, and
it seems that working with bug bounty programs like HackerOne or BugCrowd will help widen the scope for CVE in an efficient way. I found that the PSIRT function was missing from a number of mid to small-sized vendors I spoke with, which would affect our CNA
expansion efforts when it comes to connecting to vendors. Please let us know if you have any questions. Thanks. -Dan and Anthony |
- Prev by Date: RE: Automation WG Git Pilot
- Next by Date: Re: Automation WG Git Pilot
- Previous by thread: RE: Automation WG Git Pilot
- Next by thread: CNA Rules Revision Phase 2 - Week 2
- Index(es):