CISA’s North Star Vision for the CVE Program
CVE/FIRST VulnCon 2025 · Main Stage
This panel discussion, held at VulnCon, covers the past, present, and future of the **CVE (Common Vulnerabilities and Exposures)** program, celebrating its 25-year milestone while charting CISA's "North Star" vision for its evolution. Moderated by Sandy Radesky of CISA's vulnerability management team, the panel brings together representatives from CISA, MITRE, and the commercial security sector to discuss the critical importance of vulnerability data in cyber defense. The conversation centers on the program's transition from a phase of rapid growth and adoption to a new era focused on **data quality** and **completeness**.
AI review
A competent policy/program panel from credible speakers who actually run the CVE program, celebrating a 25-year milestone and laying out CISA's 'North Star' quality-over-quantity agenda. The data points — 90% CNA completeness on product/vendor fields, 85% on CWE/CVSS, the 330K projected record count — give the talk some empirical spine, and Bob Lord's invocation of the 2007 'Unforgivable Vulnerabilities' paper to indict the industry's stagnation is the most pointed moment. But the overall content stays squarely in the 'things you could have read in a CISA blog post' zone. There's no surprise…