AI companies to play bigger role in CVE program, says CISA

AI companies like OpenAI and Anthropic should play a bigger role in software vulnerability disclosures in the future, according to a leader of the world’s largest vulnerability disclosure scheme.

Speaking at the opening of VulnCon26 in Scottsdale, Arizona, on April 14, Lindsey Cerkovnik said AI companies “should be better represented” in the Common Vulnerabilities and Exposures (CVE) program.

As chief of the Vulnerability Response & Coordination (VRC) Branch at the US Cybersecurity and Infrastructure Security Agency (CISA), sole sponsor of the MITRE-run CVE program, Cerkovnik and her team manage coordinated vulnerabilities disclosures for the CVE program.

Read more at Infosecurity Magazine