With the proliferation of open source usage in services and commercial software, the requirements for vulnerability identifiers have changed. Increased scope of coverage, deeper reporting and information, and reduced latency are now requirements. Everyone in IT is building and consuming software in unique ways. There is no one single way in our modern infrastructure, and any attempt at a one-size-fits-all approach is doomed to failure.
You can learn more about why this group was created in this blog from Cloud Security Alliance’s Founder and CEO, Jim Reavis.
As an industry, we need to start talking about how to solve this problem. One way you can do this is by joining our mailing list at https://csaurl.org/list-uvi. We also would like to encourage you to get the conversation started by sharing any questions or ideas you have for this project in the Global Security Database (GSD) Community on Circle.
Related GitHub resources:
The mission of this working group is to identify and understand the problems around vulnerability discovery, reporting, publication, tracking, and classification.
Jan 18, 2022, 10:00AM PST
Working Group Leadership
Product Security Technical Lead
Josh Bressers is the Vice President of Security at Anchore. Josh has helped build and manage product security teams for open source projects as well as several organizations. His work has covered everything from managing supply chains, vulnerabilities, security development lifecycle, DevSecOps, security product management, and security strategy to nearly any other task that falls under the security umbrella. Josh co-hosts the Open Source Security Podc...
Chief Blockchain Officer, Director of Special Projects, CSA
For over two decades, Kurt has been involved in the information security field, starting with Windows and Linux and continuing on to cloud and now blockchain. With a strong focus on security and privacy, Kurt brings a wealth of knowledge and experience to the CSA.