A free podcast about cybersecurity, vulnerability management, and the CVE Program.
CVE Program Podcasts
At any moment around the world, cybercriminals and nation-state sponsored hackers are targeting businesses, government entities, and nonprofits for financial gain, cyber espionage, or geopolitical advantage. But behind every organization facing this nonstop barrage of cyberattack activity are dedicated cybersecurity professionals working to defend their organizations’ networks, systems, and sensitive information. Dark Reading Confidential brings you rare, firsthand stories from the cybersecu ...
The Cyber Resilience Brief is your 15-minute pulse on how organizations can build stronger defenses and achieve true cyber resilience. Each episode dives into the practical realities of Breach and Attack Simulation (BAS), adversarial exposure validation, and the evolving strategies that keep modern enterprises secure. Hosted by Tova Dvorin and brought to you by SafeBreach — the leader in Adversarial Exposure Validation — this podcast features insights from cybersecurity leaders, integration ...
Dark Reading Confidential Episode 8: Federal funding for the CVE Program expires in April and a trio of experts agree the industry isn't doing enough to deal with the looming crisis. Bugcrowd's Trey Ford, expert Adam Shostack, and CVE historian Brian Martin sit down with Dark Reading to help us figure out what a "good" future of the CVE Program wou…

Ep. 7: You've Just Run a Penetration Test - What's Next? Beyond Pentesting
13:42
What happens after a traditional penetration test? In this episode, host Tova Dvorin is joined by Adrian Culley, Senior Sales Engineer and EU lead at SafeBreach, to explore the critical evolution from legacy pentesting to continuous, automated red teaming (CART) and breach and attack simulation (BAS). We dive deep into the limitations of point-in-t…
“We Speak CVE” podcast host Shannon Sabens chats with CVE™/CWE™ Project Lead Alec Summers and CWE Top 25 task lead/CWE Root Causes Mapping Working Group lead Connor Mullaly about the importance of mapping CVE Records (vulnerabilities) to their technical root causes using Common Weakness Enumeration (CWE). Additional topics include the benefits of R…

Ep. 6: Storm-2603 & Warlock: Where Ransomware-as-a-Service Gets Real
13:03
A new breed of ransomware is on the rise: Warlock. In this episode, host Tova Dvorin and SafeBreach senior sales engineer Adrian Culley dig into the chilling details of the Warlock ransomware campaign and its deployment by Chinese threat actor Storm-2603. Learn how this adversary is combining nation-state level tactics with financially motivated ra…

Ep. 5: Interlock Ransomware: Don’t Accept Code from Strangers
9:20
In this episode of the SafeBreach Cyber Resilience Podcast, host Tova Dvorin sits down with Senior Sales Engineer Adrian Culley to dissect one of the most aggressive ransomware threats in circulation today: Interlock. Backed by a rapidly evolving, financially motivated threat group, Interlock ransomware isn’t just encrypting systems—it’s stealing s…

Ep. 4: ToolShell in the Wild: SharePoint Zero-Day CVE-2025-53770 Explained
10:53
In this urgent Cyber Resilience Brief, host Tova Dvorin is joined by SafeBreach experts Adrian Culley and Tomer Bar to break down CVE-2025-53770, a critical zero-day vulnerability actively exploited in Microsoft SharePoint Server. Known as part of the ToolShell attack chain, this deserialization flaw allows unauthenticated remote code execution and…

Ep. 3: Palo Alto Networks Research and AI Generated Attacks
14:25
AI vs. Cybersecurity: The New Frontline. In this eye-opening episode, host Tova Dvorin sits down with Tomer Bar, VP of Security Research at SafeBreach, and Shelly Zucker, Product Manager at SafeBreach, to unravel the alarming ways AI is transforming the cyber threat landscape—and what it means for defenders. The conversation kicks off with jaw-dropp…

Ep. 2: FBI Advisory, Iranian Threats & Resilience
7:40
In this episode, we break down the latest FBI advisory on Iranian cyber actors — and what it means for your OT, IoT, and critical systems. SafeBreach’s Adrian Culley shares practical steps to validate defenses and lock the stable door before the horse bolts. By SafeBreach

Ep. 1: Building DORA-Ready Defenses -- Cyber Resilience Starts Now
16:57
In this premiere episode of The Cyber Resilience Brief, we dive into the EU’s Digital Operational Resilience Act (DORA) — and why its impact goes far beyond Europe. Host Tova Dvorin is joined by Adrian Culley and David Murray from SafeBreach to break down what DORA means for financial institutions, insurers, and ICT providers worldwide. We explore:…

CISA is Shrinking: What Does it Mean for Cyber?
34:30
Dark Reading Confidential sits down with two cybersecurity leaders to find out what cuts at CISA mean for the business of cyber. Featuring: Tom Parker, CEO of Hubble Technology; Jake Williams, aka "@malwarejake", VP of R&D at Hunter Strategy. In today’s episode, we’ll cover… The impact of CISA's workforce reduction; How the private sector can fill the…

The Day I Found an APT Group In the Most Unlikely Place
25:05
Cyber researchers Ismael Valenzuela and Vitor Ventura share riveting stories about the creative tricks they used to track down advanced persistent threat groups, and the surprises they discovered along the way. By Dark Reading
Dark Reading Confidential Episode 5: Christofer Hoff, chief secure technology officer at LastPass, shares the human side of the story of how he led his team through a major cyber incident and built from the ground up a security team and security culture. In this frank conversation, Hoff has some valuable advice for how to handle and rebound from a …
Host Shannon Sabens speaks with fellow CVE Board members Kent Landfield and Madison Oliver and CVE Program Lead Alec Summers about the 25th anniversary of the CVE Program. Topics include the history of the program, the program today, and what’s next. By CVE Program
Episode 4: The National Institute of Standards and Technology's (NIST) release of its new post-quantum cryptography standards last summer was the quiet start of a new chapter in cybersecurity. Now no longer something that can be filed away for future reference, post-quantum encryption has officially landed on the desks of cybersecurity leaders worl…

CNA Onboarding Process Myths Versus Facts
24:33
Shannon Sabens of CrowdStrike chats with Dave Morse, program coordination lead for the CVE Program, about the myths and facts of the CVE Numbering Authority (CNA) partner onboarding process. Truth and facts about the following topics are discussed: duration and complexity of the onboarding process; the fact that there is no fee to participate; ease…
Episode 3: On September 11, 2019, two cybersecurity professionals were arrested in Dallas County, Iowa and forced to spend the night in jail -- just for doing their jobs. Gary De Mercurio and Justin Wynn ultimately found themselves used as pawns in a very public and ugly power dispute between the local county Sheriff's office and the state, forced …
Episode 2: When a business gets infected with ransomware - its systems and data locked down by cybercriminals - there is rarely a quick fix to get back up and running. Sometimes the nature of the attack and the lack of backup options force the victim organization to pony up and pay ransom to the attackers. That's typically where a ransomware negoti…
Host Shannon Sabens speaks with Art Manion and Kent Landfield, all three of whom are CVE Board members and CVE Working Group (WG) chairs, about the all-new “CVE® Numbering Authority (CNA) Operational Rules Version 4.0.” Topics discussed include the new fundamental concept embedded throughout the rules called the “right of refusal”; how CVE assignme…
The first episode of Dark Reading Confidential dives into the complicated relationship between the Securities and Exchange Commission (SEC) and the Chief Information Security Officer (CISO) within publicly traded companies. Frederick “Flee” Lee, CISO of Reddit, Beth Waller, a practicing cyber attorney who represents many CISOs, and Ben Lee, Chief Leg…
Breaking News: Dark Reading's brand-new podcast, Dark Reading Confidential, is coming this month. Dark Reading Confidential brings you rare, firsthand stories from cybersecurity practitioners in the cyber trenches. Join us for our inaugural episode, "The CISO and the SEC," with our guests Reddit CISO Fredrick Lee, Reddit Chief Legal Officer Ben Lee…

Swimming in Vulns (or, Fun with CVE Data Analysis)
43:32
Host Shannon Sabens of CrowdStrike chats with Benjamin Edwards and Sander Vinberg, both of Bitsight, about analyzing vulnerability data in the CVE List. This is a follow-on to their “CVE Is The Worst Vulnerability Framework (Except For All The Others)” talk at CVE/FIRST VulnCon 2024. Topics discussed include the types of vulnerabilities and vulnera…
In this episode — recorded live at “CVE/FIRST VulnCon 2024” — CVE Board member and CVE podcast host Shannon Sabens of CrowdStrike chats with the three newest CVE Board members: Madison Oliver of GitHub Security Lab, Tod Beardsley of Austin Hackers Anonymous (AHA!), and MegaZone of F5 who joins as the new CVE Numbering Authority (CNA) Liaison to the…
Host Shannon Sabens speaks with Art Manion and Kent Landfield, all three of whom are CVE Board members and CVE Working Group (WG) chairs, about CVE Records. Discussion topics include the CVE Record Lifecycle, the three “states” of CVE Records (RESERVED, PUBLISHED, and REJECTED), the current “tags” in use with CVE Records (EXCLUSIVELY-HOSTED-SERVICE…
Learn how CVE Numbering Authority (CNA) partners—ranging from large to small organizations, proprietary and open-source products or projects, disparate business sectors, and different geographic locations—are overseen and supported within the CVE Program by “Top-Level Roots” and “Roots.” Topics include the roles and responsibilities of the two diff…

How the New CVE Record Format Will Benefit Consumers
25:41
Shannon Sabens of CrowdStrike and Kent Landfield of Trellix, both of whom are CVE Board members and CVE Working Group chairs, speak about how the new CVE Record format — with its new structured data format and optional information fields — will benefit and provide enhanced value to consumers of CVE content moving forward. Specific topics discussed …
Host Shannon Sabens of CrowdStrike chats with Julia Turkevich of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) about the myths and facts of partnering with the CVE Program as a CVE Numbering Authority (CNA). Truth and facts about the following myths are discussed: Myth #1: Only a specific category of software vendors can become C…

Microsoft’s Journey Adopting CVE Services & CVE JSON 5.0
30:08
Kris Britton of the CVE Program speaks with Lisa Olson of Microsoft about Microsoft’s journey adopting the new CVE Services and CVE JSON 5.0 into their vulnerability management infrastructure and how they used them for the first time as part of Microsoft’s February 2023 Patch Tuesday. Discussion topics include the CVE JSON 5.0 schema mind map and o…
Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about the recent release of OpenSSF’s “Guidance for Security Researchers to Coordinate Vulnerability Disclosures with Open Source Software Projects” document and the important step of obtaining a CVE ID in the coordinated vulnerability disclosure process for open-source …
Shannon Sabens of CrowdStrike and Tod Beardsley of Rapid7, both of whom are CVE Board members and CVE Working Group chairs, chat about the CVE Program from their insider’s perspectives. Topics include the value of a federated program of CVE Numbering Authorities (CNAs) from around the world for increased assignment of CVE Records; the upside and mi…
Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about how and why CVEs are assigned, the value of CVEs in vulnerability management, responsible coordination of vulnerability disclosures, the importance of comprehensiveness in security advisories, and why there is no stigma in a CVE. CVE Numbering Authority (CNA) scope…

Researchers and PSIRTs Working Well Together
26:22
Shannon Sabens of CrowdStrike and Milind Kulkarni of NVIDIA discuss what security researchers should expect when reporting vulnerabilities to a Product Security Incident Response Team (PSIRT); how best to collaborate with them; how to interpret responses from the PSIRT; how to get the best outcome when making a report; supported versus end-of-…

Enhancing CVE Records as an Authorized Data Publisher
27:45
Kent Landfield of McAfee and Art Manion of CERT/CC discuss how the CVE Program’s upcoming release of JSON 5.0 will allow for additional and related information to be added to CVE Records after they have been published by CVE Numbering Authorities (CNAs). These additions — such as risk scores, affected product lists, versions, references, translatio…

How Red Hat's Active Participation Helps Improve the CVE Program
24:06
Shannon Sabens of CrowdStrike chats with Peter Allor, Fábio Olivé, and Martin Prpic of Red Hat, which is a long-time CVE Numbering Authority (CNA). The benefits of actively participating as a member of the CVE community are discussed, especially in the CVE Working Groups, which allows Red Hat to directly contribute to enhancing CVE automation and q…
Episode 9 – Three CVE Board members provide the truth and facts about the following myths about the CVE Program: Myth #1: The CVE Program is run entirely by the MITRE Corporation Myth #2: The CVE Program is controlled by software vendors Myth #3: The CVE Program doesn’t cover enough types of vulnerabilities Myth #4: The CVE Program is responsible f…

CVE Working Groups, What They Are and How They Improve CVE
26:32
Our eighth episode is all about how community members actively engage in the six CVE Working Groups (WGs) to help improve quality, automation, processes, and other aspects of the CVE Program as it continues to grow and expand. The chairs and co-chairs of each WG, each of whom is an active member of the CVE community, chat about their WG’s overall m…

Interview with Larry Cashdollar - A Researcher's Perspective
20:40
Episode 4 – Kelly Todd of the CVE Program interviews security researcher Larry Cashdollar about how he got started researching vulnerabilities and his experiences over the years, how he became the CVE Program’s first-ever independent vulnerability researcher CVE Numbering Authority (CNA), best practices, and the benefits of being able to assign his…
Episode 3 - Shannon Sabens of CrowdStrike speaks with Jo Bazar of the CVE Program, Erin Alexander of CISA ICS, and Tomo Itou of JPCERT/CC about the structure and objectives of the CVE Numbering Authority (CNA) program, what it means to be a Root and a CNA, the benefits of partnering with the CVE Program, and recommendations for organizations consid…
Episode 2 - Chris Sandulow, Boris Sieklik, and Lena Smart from MongoDB discuss their internal processes for managing CVEs, the importance of CVSS scoring to their customers, the benefits experienced from partnering with the CVE Program as a CVE Numbering Authority (CNA), and recommendations for other organizations considering becoming a CNA.…