CVE Crisis: State of the Vulnerability Disclosure Landscape

Our vulnerability disclosure ecosystem is strained. NVD backlogs persist, while the CVE program, after a near-critical funding crisis impacting its stability, struggles with vulnerability volume and assignment consistency under ongoing resource pressure. CISA's role also evolves amidst these challenges. This talk dissects these US program issues and their impact on AppSec professionals, then examines rising global players like ENISA and other vulnerability databases, assessing their pros, cons, and impact on vulnerability management.