What’s wrong with CVEs? Daniel Stenberg of cURL wants you to know

In this episode of Sustain, Richard welcomes special guests Daniel Stenberg, founder and lead developer of the cURL project, and Dan Lorenc, co-founder and CEO of Chainguard, to discuss security challenges and the complexities of Common Vulnerabilities and Exposures (CVEs). They highlight issues with how CVEs are reported and scored, as well as the potential impact on open source maintainers. The conversation delves into the process of requesting a CVE, the National Vulnerability Database (NVD), and the quality of CVE reports. They also address concerns about CVE-related DDoS attacks and propose short-term solutions. Throughout the discussion, the frustration and uncertainty regarding the future of the CVE system are evident.

https://podcast.sustainoss.org/203
