2025-04-20 –, P1 Workshop
Language: Deutsch
The recent breakdown in centralized CVE handling and databases has caused quite the ruckus in the IT-Sec community. 48 hours later funding is yet again (temporarily) secure, several additional databases, organizations and numbering systems have come forward.
What can organizations do to cope with the situation? What should our role as community be moving forward? What can you specifically do depending on your position in your organization? What recommendations can we give to management about how to handle the situation?
The recent breakdown in centralized CVE handling and databases has caused quite the ruckus in the IT-Sec community. 48 hours later funding is yet again (temporarily) secure, several additional databases, organizations and numbering systems have come forward. However, we should not disregard the temporary panic as "false alarm" and go back to the old status quo. The split brain between the several databases has already occurred, insecurity and distrust have grown and must be taken seriously.
What can organizations do to cope with the situation? What should our role as community be moving forward? What can you specifically do depending on your position in your organization? What recommendations can we give to management about how to handle the situation?
This is a short breakdown on the personal experience within the last few days. As the situation is still ever-changing I cannot yet present proven strategies, so prepare mainly for thought processes and pointers on where to start from here.
IT Security Professional, IPv6 Native, Network Princess, Chaos Communication Congress organization since 2010.