Coordinated Vulnerability Disclosure

We Speak CVE by CVE Program

Dec 30, 2022 | 23:07 | Technology

Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about the recent release of OpenSSF’s “Guidance for Security Researchers to Coordinate Vulnerability Disclosures with Open Source Software...

Podcast

This episode belongs to We Speak CVE.

Episode Details

Published Dec 30, 2022; 23:07 long; audio available.

Questions About This Episode

What is Coordinated Vulnerability Disclosure about?

Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about the recent release of OpenSSF’s “Guidance for Security Researchers to Coordinate Vulnerability Disclosures with Open Source Software Projects” document and the important step of obtaining a CVE ID in the coordinated vulnerability disclosure process for open-source vulnerabilities. OpenSSF is a “cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them.” The CVD Guide was released by OpenSSF’s Vulnerability Disclosure working group in September 2022; the same group released its “Guide to Implementing a Coordinated Vulnerability Disclosure Process for Open Source Projects” document in 2021, and both are discussed by Shannon and Madison. Other discussion topics in this episode include the importance of finders (e.g., security researchers, hackers, academics, bug bounty hunters) in vulnerability management; how finders can expedite their requests to software owners by providing quality information in their initial requests; OpenSSF’s vulnerability report template and how using it can help with requests; the importance of obtaining a CVE ID for open-source and all other vulnerabilities; best practices for working with CVE Numbering Authorities (CNAs); managing expectations for turnaround times; the CVE Program’s CVE Record Dispute Policy; why all participants should remember that they are interacting with people in every aspect of the vulnerability management process; and more.

LINKS: OpenSSF CVD Guide – OpenSSF vulnerability report template – OpenSSF Implementing a CVD Process Guide – CVE Record Dispute Policy – CNAs –

Which podcast is Coordinated Vulnerability Disclosure from?

Coordinated Vulnerability Disclosure is an episode from We Speak CVE by CVE Program.

How long is this episode?

This episode is 23:07 long.

When was this episode published?

This episode was published on Dec 30, 2022.
