MITRE Corporation's Common Vulnerabilities and Exposures program had its board introduce a pair of new forums to strengthen the initiative's future following the Cybersecurity and Infrastructure Security Agency's last-minute decision in April to fund the program for the next 11 months, Infosecurity Magazine reports.
First of the new forums is the Consumer Working Group, which will be joined by organizations, security teams, managed security service providers, vulnerability analysts, software vendors, and other developers. "The CWG will identify consumer needs, evaluate the usability of CVE data, and recommend improvements to ensure that the CVE Program remains aligned with real-world use cases," said the CVE Board. On the other hand, the Researcher Working Group, which will have a TLP:Amber designation, would focus on creating standards for Researcher CVE Numbering Authorities. While CNAs, Authorized Data Publishers, and other stakeholders could be part of CWG, only the CVE Board and active CNA representatives working as researcher or bug bounty CNAs are allowed in RWG.
First of the new forums is the Consumer Working Group, which will be joined by organizations, security teams, managed security service providers, vulnerability analysts, software vendors, and other developers. "The CWG will identify consumer needs, evaluate the usability of CVE data, and recommend improvements to ensure that the CVE Program remains aligned with real-world use cases," said the CVE Board. On the other hand, the Researcher Working Group, which will have a TLP:Amber designation, would focus on creating standards for Researcher CVE Numbering Authorities. While CNAs, Authorized Data Publishers, and other stakeholders could be part of CWG, only the CVE Board and active CNA representatives working as researcher or bug bounty CNAs are allowed in RWG.
