CVEs: How the Whole Thing Works

Publish Date

Watch Chris Levendis, Katie Trimble-Noble, and Chandan Nandakumaraiah discuss CVEs and how they work as part of the Cybersecurity Summit 2021 Day One presentations. This video is a recording of the livestream held on Wednesday, October 6, 2021. 

The National Cybersecurity Summit is an annual event that brings together cybersecurity and critical infrastructure stakeholders from around the world to hold meaningful conversations and collaborate on how we can protect our physical and cyber infrastructure.

About the Speakers

Moderator: Chris Levendis, Project Leader of CVE Program, MITRE

The MITRE Corporation, Project Leader supporting CISA's mission for Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), Common Attack Pattern Enumeration and Classification (CAPEC), Cyber Threat, and the Office of the Chief Technology Officer.  

Chris Levendis serves as the Project Leader for the CVE Program as well as many other CISA-related initiatives. In this role, he is responsible for increasing the adoption and coverage of the CVE Program by working with industry, government, and academic stakeholders to chart the course for federated governance and operations of the program. Prior to supporting CVE, Levendis was the Deputy Project Leader for all of MITRE's CS&C-related work. Prior to supporting the cyber-related work, Levendis supported the original acquisition office and the Office of Infrastructure Protection under the original DHS IAIP Directorate.

Katie Trimble-Noble, Director Product Security Incident Response and Bug Bounty, Intel

Katie Noble serves as a Director of PSIRT and Bug Bounty at Intel Corp. In her role, she leads the cybersecurity vulnerability Bug Bounty program, researcher outreach, and strategic planning efforts. Prior to joining Intel, Katie served as the Section Chief of Vulnerability Management and Coordination at the Department of Homeland Security, Cyber and Infrastructure Security Agency (CISA). Her team is credited with the coordination and public disclosure of 20,000+ cybersecurity vulnerabilities within a two-year period. During her government tenure, in roles spanning Intelligence Analyst for the National Intelligence Community to Senior Policy Advisor for White House led National Security Council Cyber programs, Katie’s work directly impacted decision making for government agencies in the United States, United Kingdom, Canada, and Australia.

Chandan Nandakumaraiah, CVE Board Member, Palo Alto Networks

Chandan Nandakumaraiah leads the product security assurance, vulnerability remediation, and PSIRT at Palo Alto Networks and is a member of the CVE Board. Chandan is the co-chair of the CVE quality workgroup that is currently working to improve the quality of CVE data and standardize the CVE record format. The CVE program is the cornerstone of the vulnerability management ecosystem. With over 20 years of experience working in product security of several major technology vendors, Chandan is an insightful, strong technical leader, striving to improve the state of security assurance in the industry by driving innovation in vulnerability management practices.