
The Everything Feed - All Packet Pushers Pods
PP084: Inside the CVE Process With Cisco (Sponsored)
Oct 30, 2025
Join Osman Hashmi, a Principal Engineer at Cisco, Marco Cassini from the Product Security Incident Response Team, and Joe Malcolm, the CISO for Infrastructure Engineering, as they dive into the intricate world of CVEs. They discuss the crucial roles of various organizations in vulnerability management, the complexities of CVSS scoring, and the importance of responsible disclosure. The trio also explores how Cisco collaborates with customers on patch validation and the rising demand for Software Bills of Materials (SBOMs). Plus, they tackle infrastructure resiliency and innovative AI solutions in cybersecurity.
AI Snips
How The CVE Ecosystem Is Structured
- MITRE maintains the CVE list and provides impartial editorial guidance used industry-wide.
- NVD/NIST enrich CVEs with scoring, CWEs and CPEs to make vulnerabilities actionable for vendors.
CVE As The Global Common Language
- CVE is the de facto universal identifier for vulnerabilities across regions and vendors.
- Europe may build parallel enrichment services but typically still maps to a single CVE identifier.
Use NVD For Enrichment And Automation
- Use NVD as the trusted source for CVE analysis, CVSS scoring, CWEs and CPE mappings.
- Leverage NVD enrichment to automate vulnerability management and product impact assessments.
