Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Player FM - Internet Radio Done Right
Checked 3M ago
Menambahkan four tahun yang lalu
Konten disediakan oleh CVE Program. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh CVE Program atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
Mirip dengan We Speak CVE
T
There’s a Better Way: Smart Talk on Healthcare and Technology
1
There’s a Better Way: Smart Talk on Healthcare and Technology
Surescripts
12k
30
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
D
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
W
What Next: TBD | Tech, power, and the future
1
What Next: TBD | Tech, power, and the future
Slate Podcasts
11k568
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
A tech podcast for the gadget lovers and tech heads among us from the mind of Marques Brownlee, better known as MKBHD. MKBHD has made a name for himself on YouTube reviewing everything from the newest smartphones to cameras to electric cars. Pulling from over 10 years of experience covering the tech industry, MKBHD and co-hosts Andrew Manganelli and David Imel will keep you informed and entertained as they take a deep dive into the latest and greatest in tech and what deserves your hard earn ...
…
continue reading
Player FM - Aplikasi Podcast
Offline dengan aplikasi Player FM !
Offline dengan aplikasi Player FM !
))
Daily Deals
Podcast Layak Disimak
DISPONSORI
<
<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/all-about-change">All About Change</a></span>
How do we build an inclusive world? Hear intimate and in-depth conversations with changemakers on disability rights, youth mental health advocacy, prison reform, grassroots activism, and more. First-hand stories about activism, change, and courage from people who are changing the world: from how a teen mom became the Planned Parenthood CEO, to NBA player Kevin Love on mental health in professional sports, to Beetlejuice actress Geena Davis on Hollywood’s role in women’s rights. All About Change is hosted by Jay Ruderman, whose life’s work is seeking social justice and inclusion for people with disabilities worldwide. Join Jay as he interviews iconic guests who have gone through adversity and harnessed their experiences to better the world. This show ultimately offers the message of hope that we need to keep going. All About Change is a production of the Ruderman Family Foundation. Listen and subscribe to All About Change wherever you get podcasts. https://allaboutchangepodcast.com/
We Speak CVE
Tandai semua (belum/sudah) diputar ...
Manage series 2869428
Konten disediakan oleh CVE Program. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh CVE Program atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
A free podcast about cybersecurity, vulnerability management, and the CVE Program.
21 episode
Bagikan
Tandai semua (belum/sudah) diputar ...
Manage series 2869428
Konten disediakan oleh CVE Program. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh CVE Program atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
A free podcast about cybersecurity, vulnerability management, and the CVE Program.
21 episode
Semua episode
×
W
We Speak CVE
Host Shannon Sabens speaks with fellow CVE Board members Kent Landfield and Madison Oliver and CVE Program Lead Alec Summers about the 25th anniversary of the CVE Program . Topics include the history of the program, the program today, and what’s next.
W
We Speak CVE
1 CNA Onboarding Process Myths Versus Facts 24:33
24:33 
Putar Nanti 
Putar Nanti 
Daftar 
Suka 
Menyukai24:33
Putar Nanti Putar Nanti Daftar Suka MenyukaiShannon Sabens of CrowdStrike chats with Dave Morse, program coordination lead for the CVE Program , about the myths and facts of the CVE Numbering Authority (CNA) partner onboarding process. Truth and facts about the following topics are discussed: duration and complexity of the onboarding process; the fact that there is no fee to participate; ease of incorporating assigning CVE Identifiers (CVE IDs) and publishing CVE Records into an organization’s existing coordinated vulnerability disclosure (CVD) processes; availability of automated tools for CNAs; the CVE JSON Record format and available guidance; role of Roots and Top-Level Roots and how they help CNAs; importance of CNAs determining their own scopes ; disclosure policies; the community aspect of being a CNA and the availability of peer support; the value of CNAs participating in one or more CVE Working Groups , especially the CNA Organization of Peers (COOP) ; and much more!…
W
We Speak CVE
Host Shannon Sabens speaks with Art Manion and Kent Landfield, all three of whom are CVE Board members and CVE Working Group (WG) chairs, about the all-new “ CVE® Numbering Authority (CNA) Operational Rules Version 4.0 .” Topics discussed include the new fundamental concept embedded throughout the rules called the “right of refusal”; how CVE assignment is technology neutral (i.e., cloud, artificial intelligence, etc.); end-of-life assignments; the dispute process; how CNAs can add additional data to their CVE Records such as CVSS, CWE, and CPE information at the time of disclosure for use by downstream consumers; and the expected positive impact of the rules on CNAs and the vulnerability management ecosystem. CNA Rules v4.0 - https://www.cve.org/ResourcesSupport/AllResources/CNARules…
W
We Speak CVE
1 Swimming in Vulns (or, Fun with CVE Data Analysis) 43:32
43:32 Putar Nanti Putar Nanti Daftar Suka Menyukai43:32
Putar Nanti Putar Nanti Daftar Suka MenyukaiHost Shannon Sabens of CrowdStrike chats with Benjamin Edwards and Sander Vinberg, both of Bitsight , about analyzing vulnerability data in the CVE List . This is a follow-on to their “ CVE Is The Worst Vulnerability Framework (Except For All The Others) ” talk at CVE/FIRST VulnCon 2024 . Topics discussed include the types of vulnerabilities and vulnerability intelligence they reviewed and the different ways they approached the data; how CVE is a really good framework for compiling information about, and communicating effectively about, vulnerabilities; how increasing the number of CVE Numbering Authorities (CNAs) through federation has improved the quantity and quality of data produced by the program over time; how the overall quality of CVE List data will improve for the entire vulnerability management ecosystem as more CNAs include CVSS , CWE , CPE , etc., information when their CVE Records are published ; and much, much, more!…
W
We Speak CVE
In this episode — recorded live at “ CVE/FIRST VulnCon 2024 ” — CVE Board member and CVE podcast host Shannon Sabens of CrowdStrike chats with the three newest CVE Board members: Madison Oliver of GitHub Security Lab, Tod Beardsley of Austin Hackers Anonymous (AHA!), and MegaZone of F5 who joins as the new CVE Numbering Authority (CNA) Liaison to the Board. Topics include how and why each new member joined the board, the impact that participating in CVE Working Groups had on their decisions to become Board members, how federation and the ongoing addition of new CNA partners has significantly improved the CVE Program, how the program is voluntary, and how those who participate have the ability to make significant impacts in improving vulnerability management at an international level, and more.…
W
We Speak CVE
Host Shannon Sabens speaks with Art Manion and Kent Landfield, all three of whom are CVE Board members and CVE Working Group (WG) chairs, about CVE Records . Discussion topics include the CVE Record Lifecycle , the three “states” of CVE Records (RESERVED, PUBLISHED, and REJECTED), the current “tags” in use with CVE Records (EXCLUSIVELY-HOSTED-SERVICE; UNSUPPORTED-WHEN-ASSIGNED; and DISPUTED), the difference between the REJECTED state and the DISPUTED tag, how a DISPUTED tag can be temporary or indefinite, and much more.…
Learn how CVE Numbering Authority (CNA) partners—ranging from large to small organizations, proprietary and open-source products or projects, disparate business sectors, and different geographic locations—are overseen and supported within the CVE Program by “ Top-Level Roots ” and “ Roots .” Topics include the roles and responsibilities of the two different types of Roots; how their work benefits the CNAs under their care; how they recruit new CNA partners, including suggestions for addressing upper management concerns if a CNA prospect organization is hesitant to partner as a CNA; how they work with and support their CNAs over time; how the “Council of Roots” works together to enhance and help improve the program overall; and much more. All current CVE Program Top-Level Roots and Roots are represented in this podcast. In addition to host Shannon Sabens of CrowdStrike , speakers include Julia Turkevich of the CISA Top-Level Root and CISA ICS Root , Dave Morse of the MITRE Top-Level Root , Cristian Cadenas Sarmiento of the INCIBE Root , Paul Dev of the Google Root , Tomo Ito of the JPCERT/CC Root , and Yogesh Mittal of the Red Hat Root . LINKS: Benefits of being a CNA partner How to become a CNA partner Partner onboarding process List of current CNA partners…
W
We Speak CVE
1 How the New CVE Record Format Will Benefit Consumers 25:41
25:41 Putar Nanti Putar Nanti Daftar Suka Menyukai25:41
Putar Nanti Putar Nanti Daftar Suka MenyukaiShannon Sabens of CrowdStrike and Kent Landfield of Trellix , both of whom are CVE Board members and CVE Working Group chairs, speak about how the new CVE Record format — with its new structured data format and optional information fields — will benefit and provide enhanced value to consumers of CVE content moving forward. Specific topics discussed include how the new CVE Record format will enable more complete vulnerability information to be captured early on in the advisory process and how that will benefit consumers; the ability for CVE content consumers to streamline and more easily automate their use of CVE Records because the data format is standardized and machine-readable; the automated creation and publication of CVE Records by CVE Numbering Authorities (currently, 320+ CNAs from 35+ countries!), which means more quality CVE Records can be produced at a faster pace than ever before for use by the worldwide community; and, for the ability of official CVE Program “Authorized Data Publishers (ADPs)” to enrich the content of already published CVE Records with additional risk scores, affected product lists, versions, references, translations, and so on, (learn more about ADPs in this CVE podcast ). Vulnerability scoring methods for CVE Records are also discussed, including NVD’s use of CVSS , CISA’s Known Exploited Vulnerabilities (KEV) Catalog , and more.…
W
We Speak CVE
Host Shannon Sabens of CrowdStrike chats with Julia Turkevich of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) about the myths and facts of partnering with the CVE Program as a CVE Numbering Authority (CNA) . Truth and facts about the following myths are discussed: Myth #1: Only a specific category of software vendors can become CNAs. Myth #2: Organizations cannot leverage their existing vulnerability management and disclosure processes when they become a CNA. Myth #3: The requirements for becoming a CNA are overwhelming and extensive. Myth #4: A fee is required to become a CNA. Myth #5: The CNA onboarding process is too complicated and time-consuming. Myth #6: Organizations cannot choose the Top-Level Root or Root they want to work with. The purpose and overall structure of the CVE Program and CISA's role in recruiting and managing CNAs within its Top-Level Root scope of industrial control system (ICS) and operation technology (OT) are also discussed. LINKS: How to Become a CNA CNA Onboarding Process Overview CVE Program Structure CISA ICS Top-Level Root partner details page List of CVE Program Partners…
W
We Speak CVE
1 Microsoft’s Journey Adopting CVE Services & CVE JSON 5.0 30:08
30:08 Putar Nanti Putar Nanti Daftar Suka Menyukai30:08
Putar Nanti Putar Nanti Daftar Suka MenyukaiKris Britton of the CVE Program speaks with Lisa Olson of Microsoft about Microsoft’s journey adopting the new CVE Services and CVE JSON 5.0 into their vulnerability management infrastructure and how they used them for the first time as part of Microsoft’s February 2023 Patch Tuesday. Discussion topics include the CVE JSON 5.0 schema mind map and other schema resources on GitHub ; reviewing CVE JSON 5.0 records on the CVE.ORG website ; using Vulnogram , or one of the other CVE Services clients , for creating, editing, and reviewing CVE JSON 5.0 records; leveraging the CVE Services Test Environment (learn more here ); how separate credentials are required for the official CVE Services and the CVE Services Test Environment; learning about CVE Services and CVE JSON 5.0 updates by attending Automation Working Group (AWG) , Quality Working Group (QWG) , and CNA Coordination Working Group (CNACWG) meetings; leveraging the CVE Services Slack channel for support; and more. Resources mentioned in the podcast: https://www.cve.org/Media/News/item/podcast/2023/03/08/Microsofts-Journey-CVE-Services-CVE-JSON-5…
W
We Speak CVE
Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about the recent release of OpenSSF ’s “ Guidance for Security Researchers to Coordinate Vulnerability Disclosures with Open Source Software Projects ” document and the important step of obtaining a CVE ID in the coordinated vulnerability disclosure process for open-source vulnerabilities. OpenSSF is a “cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them.” The CVD Guide was released by OpenSSF’s Vulnerability Disclosure working group in September 2022, which in 2021 released its “ Guide to Implementing a Coordinated Vulnerability Disclosure Process for Open Source Projects ” document, both of which are discussed by Shannon and Madison. Other discussion topics in this episode include the importance of finders (e.g., security researchers, hackers, academics, bug bounty hunters, etc.) in vulnerability management, how finders can expedite their requests to software owners with quality information in their initial requests, OpenSSF’s vulnerability report template and how using it can help with requests, importance of obtaining a CVE ID for open source and all vulnerabilities, best practices for working with CVE Numbering Authorities (CNAs) , managing expectations for turnaround times, the CVE Program’s CVE Record Dispute Policy , why all participants should remember that they are interacting with people in all aspects of the vulnerability management process, and more. LINKS: OpenSSF CVD Guide – https://github.com/ossf/oss-vulnerability-guide/blob/main/finder-guide.md#readme OpenSSF vulnerability report template – https://github.com/ossf/oss-vulnerability-guide/blob/main/templates/notifications/disclosure.md OpenSSF Implementing a CVD Process Guide – https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md#readme CVE Record Dispute Policy – https://www.cve.org/Resources/General/Policies/CVE-Record-Dispute-Policy.pdf CNAs – https://www.cve.org/ProgramOrganization/CNAs…
W
We Speak CVE
Shannon Sabens of CrowdStrike and Tod Beardsley of Rapid7 , both of whom are CVE Board members and CVE Working Group chairs, chat about the CVE Program from their insider’s perspectives. Topics include the value of a federated program of CVE Numbering Authorities (CNAs) from around the world for increased assignment of CVE Records ; the upside and minimal requirements to becoming a CNA; the types of organizations that are CNAs; how CNAs are a community with a mentoring program; how CNAs assigning CVE Identifiers (CVE IDs) benefits the global IT community; CVE versus NVD ; how CNAs impact the program by participating in CVE Working Groups, be it for one-off or longer-term contributions; and how the CVE Program is about people working to improve cybersecurity for all. Tod also writes about many of these topics in his article, An Inside Look at What Makes the CVE Program Tick , on SCMagazine.…
W
We Speak CVE
Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about how and why CVEs are assigned, the value of CVEs in vulnerability management, responsible coordination of vulnerability disclosures, the importance of comprehensiveness in security advisories, and why there is no stigma in a CVE. CVE Numbering Authority (CNA) scopes, disclosure policies, turnaround times, and more are discussed in general, as are GitHub’s specific CNA processes and how it helps open-source projects hosted on GitHub with their CVEs and advisories. Madison also writes about many of these topics in her blog article, Removing the Stigma of a CVE , on the GitHub Blog.…
W
We Speak CVE
1 Researchers and PSIRTs Working Well Together 26:22
26:22 Putar Nanti Putar Nanti Daftar Suka Menyukai26:22
Putar Nanti Putar Nanti Daftar Suka MenyukaiShannon Sabens of CrowdStrike and Milind Kulkarni of a NVIDIA discuss what security researchers should expect when reporting vulnerabilities to a Product Security Incident Response Team (PSIRT); how to best to collaborate with them; how to interpret responses from the PSIRT; how to get the best outcome when making a report; supported versus end-of-life (EOL) products; CVE Numbering Authority (CNA) scopes; timing of a patch versus the publication of a CVE Record ; and more.…
W
We Speak CVE
1 Enhancing CVE Records as an Authorized Data Publisher 27:45
27:45 Putar Nanti Putar Nanti Daftar Suka Menyukai27:45
Putar Nanti Putar Nanti Daftar Suka MenyukaiKent Landfield of McAfee and Art Manion of CERT/CC discuss how the CVE Program ’s upcoming release of JSON 5.0 will allow for additional and related information to be added to CVE Records after they have been published by CVE Numbering Authorities (CNAs) . These additions — such as risk scores, affected product lists, versions, references, translations, etc. — will be made by “Authorized Data Publishers (ADPs),” which will be organizations authorized within the CVE Program to enrich the records. Also discussed are the benefits of enriched CVE Records to downstream users and the overall vulnerability management community, the use of Stakeholder-specific Vulnerability Categorization (SSVC), and plans and expectations for the upcoming ADP pilot.…
Selamat datang di Player FM!
Player FM memindai web untuk mencari podcast berkualitas tinggi untuk Anda nikmati saat ini. Ini adalah aplikasi podcast terbaik dan bekerja untuk Android, iPhone, dan web. Daftar untuk menyinkronkan langganan di seluruh perangkat.
Daily Deals
Mirip dengan We Speak CVE
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
T
There’s a Better Way: Smart Talk on Healthcare and Technology
1
There’s a Better Way: Smart Talk on Healthcare and Technology
Surescripts
12k30
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
D
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
W
What Next: TBD | Tech, power, and the future
1
What Next: TBD | Tech, power, and the future
Slate Podcasts
11k568
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
A tech podcast for the gadget lovers and tech heads among us from the mind of Marques Brownlee, better known as MKBHD. MKBHD has made a name for himself on YouTube reviewing everything from the newest smartphones to cameras to electric cars. Pulling from over 10 years of experience covering the tech industry, MKBHD and co-hosts Andrew Manganelli and David Imel will keep you informed and entertained as they take a deep dive into the latest and greatest in tech and what deserves your hard earn ...
…
continue reading
Player FM - Aplikasi Podcast
Offline dengan aplikasi Player FM !
Offline dengan aplikasi Player FM !
))
