{"id":1139,"date":"2025-07-03T17:53:55","date_gmt":"2025-07-03T17:53:55","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/07\/03\/cve-program-launches-two-new-forums-to-enhance-cve-utilization\/"},"modified":"2025-07-03T17:53:55","modified_gmt":"2025-07-03T17:53:55","slug":"cve-program-launches-two-new-forums-to-enhance-cve-utilization","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/07\/03\/cve-program-launches-two-new-forums-to-enhance-cve-utilization\/","title":{"rendered":"CVE Program Launches Two New Forums to Enhance CVE Utilization"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>The Board of the Common Vulnerabilities and Exposures (CVE) Program has launched two new forums to encourage more contributions and shape the future of the initiative.<\/p>\n<p>The CVE Program, run by the nonprofit MITRE and sponsored by the US Cybersecurity and Infrastructure Security Agency (CISA), faced uncertainty about its future in April after its contract expired. The contract was subsequently extended for 11 months, according to reports.<\/p>\n<p>While the longer-term future of the program remains uncertain beyond this period, the CVE Board appears to be willing to allow more stakeholders to have a voice and shape the program\u2019s strategy.<\/p>\n<p>On July 1, the Board announced the launch of two new forums, the CVE Consumer Working Group (CWG) and the CVE Researcher Working Group (RWG).<\/p>\n<h2><strong>Consumer Working Group: For CVE Data Users<\/strong><\/h2>\n<p>The CWG aims to represent the perspectives of end-consumers of CVE List data, including enterprises, security teams, vulnerability analysts, government agencies, managed security service providers (MSSPs), academic researchers, software vendors and tool developers who rely on CVE data to support decision-making, operational defense and risk management.<\/p>\n<p>\u201cThe CWG will identify consumer needs, evaluate the usability of CVE data and recommend improvements to ensure that the CVE Program remains aligned with real-world use cases,\u201d said the CVE Board.<\/p>\n<p>The CWG is open to CVE Board members, CVE Numbering Authorities (CNAs) \u2013 vetted organizations that publish CVEs \u2013, Authorized Data Publishers (ADPs) \u2013 organizations authorized to enrich CVE data \u2013 as well as external stakeholders who consume and work with CVE data and individuals \u201cwith relevant perspectives on CVE consumption.\u201d<\/p>\n<p>Jean-Baptiste Maillet, a cybersecurity architect specializing in vulnerability management at Ampere Software Technology, welcomed the launch in a post on LinkedIn.<\/p>\n<p>\u201cIt took more than 25 years for users to get a voice at the CVE Program, but better late than never,\u201d he said.<\/p>\n<h2><strong>Researcher Working Group: Restricted to Research and Bug Bounty CNAs<\/strong><\/h2>\n<p>The RWG is dedicated to establishing working norms for the extended community of designated Researcher CVE Numbering Authorities (CNAs).<\/p>\n<p>\u201cThis includes providing guidance and advice to the research community, as well as other research community activities designed to promote the CVE Program,\u201d the CVE Board explained.<\/p>\n<p>The RWG will operate under a TLP:Amber designation, meaning that information shared within the group is restricted to participants and their organizations, with limited further distribution allowed only on a need-to-know basis.<\/p>\n<p>Participation in the RWG is more limited than for the CWG, as only the CVE Board and representatives of currently active CNAs designated as either research CNAs or bug bounty CNAs are welcome.\u00a0<\/p>\n<p>Individuals without ties to research or bug bounty CNAs may only join RWG meetups when approved by consensus among current members.<\/p>\n<p>Both the CWG and RWG are now open for members to join.<\/p>\n<p><em>Image credit: CVE\/MITRE<\/em><\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The Board of the Common Vulnerabilities and Exposures (CVE) Program has launched two new forums to encourage more contributions and shape the future of the initiative. The CVE Program, run by the nonprofit MITRE and sponsored by the US Cybersecurity and Infrastructure Security Agency (CISA), faced uncertainty about its future in April after its contract<\/p>\n","protected":false},"author":2,"featured_media":1140,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1139","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1139-1ada2575-f5d1-4ead-87b7-a83ebbcf71cc.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1139-1ada2575-f5d1-4ead-87b7-a83ebbcf71cc-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1139-1ada2575-f5d1-4ead-87b7-a83ebbcf71cc.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1139-1ada2575-f5d1-4ead-87b7-a83ebbcf71cc.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1139-1ada2575-f5d1-4ead-87b7-a83ebbcf71cc.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1139-1ada2575-f5d1-4ead-87b7-a83ebbcf71cc.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1139-1ada2575-f5d1-4ead-87b7-a83ebbcf71cc.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1139-1ada2575-f5d1-4ead-87b7-a83ebbcf71cc.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1139-1ada2575-f5d1-4ead-87b7-a83ebbcf71cc.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1139-1ada2575-f5d1-4ead-87b7-a83ebbcf71cc.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1139-1ada2575-f5d1-4ead-87b7-a83ebbcf71cc-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/1139","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=1139"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/1139\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/1140"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=1139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=1139"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=1139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}