Open Discussion - International Challenges with CVD, CNA, and CVE
CVE/FIRST VulnCon 2025 · Open Discussion
This VulnCon talk, "Open Discussion - International Challenges with CVD, CNA, and CVE," provided a critical forum for cybersecurity professionals to engage in a candid conversation about the complex landscape of **Coordinated Vulnerability Disclosure (CVD)**, the role of **CVE Numbering Authorities (CNAs)**, and the challenges associated with consuming **CVE** data. Led by Reena Rikipi from the Cybersecurity and Infrastructure Security Agency (CISA) and Tommoito from the JPCERT Coordination Center (JPCERT/CC), the session quickly evolved from a planned tabletop exercise into an interactive dialogue, reflecting the community's urgent need to address these issues collaboratively.
AI review
A panel-style open discussion at VulnCon on international CVD coordination challenges. This is firmly in the policy/process lane, not technical research, and should be judged accordingly. The session surfaces real friction points — CVD harmonization gaps across national CERTs, the 'America-centrism' critique of US-centric disclosure platforms, the Voltron decentralized protocol concept, and the CSAF machine-readability push — and the format of letting practitioners argue it out openly is appropriate for the subject matter. The problem is that most of what's said here has been circulating in…