CNA Birds of a Feather: Open Forum with Certified Numbering Authorities
CVE/FIRST VulnCon 2025 · Open Discussion
This VulnCon Birds of a Feather session, titled "CNA Birds of a Feather: Open Forum with Certified Numbering Authorities," brought together a panel of seasoned experts from leading technology companies and a relatively new CNA to discuss the history, evolution, and current state of the **CVE Program**. Moderated by David Welch of Hero Devs, the panel included Jonathan Evans from GitHub, Lisa Olsson from Microsoft, and Scott Moore from IBM. The session aimed to demystify the **Certified Numbering Authority (CNA)** program, share insights from years of experience, and provide an open forum for questions and community engagement.
AI review
A competent, community-oriented panel session that delivers genuine historical depth and operational transparency about the CVE Program's evolution — exactly what a VulnCon Birds of a Feather slot should do. Scott Moore's firsthand account of the program's origins is legitimately valuable oral history, and the operational specifics (federation timeline, CNA governance hierarchy, quality escalation paths, tooling evolution) give practitioners something concrete to work with. It won't make headlines and won't trouble anyone's threat model, but it fills its lane honestly and serves the audience…