17 Nov 2022

CVE’s CNA Program Is Causing Them to Fail in Their Stated Mission

The CVE program, which claims to be sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) (we tried to confirm that with CISA, but got no reply), is supposed to provide a unique identifier for vulnerabilities:

The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. [Read more]

16 Nov 2022

CISA Provides No Explanation for Sponsoring Program That Directs Vulnerability Report Info to Hackers

CVE is a program that is supposed to provide unique identifiers for vulnerabilities. As we will get to shortly, it is also a path for directing software vulnerability reports away from developers to at least one security company that sells non-public information on vulnerabilities to any hackers willing to pay for it.

The footer of the website for the CVE program claims that it is sponsored by the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA): [Read more]

4 Nov 2022

CVE Numbering Authority VulDB Falsely Claimed That 800,000+ Install WordPress Plugin Contained Vulnerability

Yesterday, a topic was created on the WordPress Support Forum about a claimed vulnerability in the WordPress plugin The Events Calendar with the message:

VulDB published an advisory concerning a vulnerability in The Events Calendar plugin, at https://vuldb.com/?id.212632. [Read more]