Enhancing CVE Records as an Authorized Data Publisher

Kent Landfield of McAfee and Art Manion of CERT/CC discuss how the CVE Program’s upcoming release of JSON 5.0 will allow for additional and related information to be added to CVE Records after they have been published by CVE Numbering Authorities (CNAs). These additions — such as risk scores, affected product lists, versions, references, translations, etc. — will be made by “Authorized Data Publishers (ADPs),” which will be organizations authorized within the CVE Program to enrich the records...