EPISODE · Oct 5, 2025 · 34 MIN
Communications Very Erratic (CVE): Stabilizing Vuln Data for the Industry (OSFF NY Preview)
from FINOS Open Source in Finance Podcast · host FINOS
🚨 What happens when the backbone of vulnerability reporting wobbles? In April 2025, funding shocks to CVE/CWE—and the downstream NVD—sparked panic before a short-term lifeline appeared. The uncertainty hasn’t gone away.In this clip:Christopher “CRob” Robinson, CTO & Chief Security Architect, OpenSSF (The Linux Foundation)CRob previews his OSFF NY session on why reliable, authoritative vulnerability metadata is critical for banks, regulated enterprises, and open source maintainers—and what upstream is doing about it. He walks through the recent CVE/NVD turbulence, why downstream teams (risk, OSPOs, product owners) struggle to meet regulatory obligations without stable data, and how the open source community is collaborating to deliver consistent, high-quality vulnerability information going forward. Expect clear context, practical takeaways, and a path from fragmented signals to trustworthy feeds.🎟️ See CRob’s full talk at OSFF New York (Oct 21–22, 2025).🌐 More about FINOS: https://www.finos.org/📧 Join our newsletter: https://www.finos.org/newsletter#FINOS #OSFFNY #OpenSourceSecurity #OpenSSF #CVE #CWE #NVD #VulnerabilityManagement #Risk #Compliance #SupplyChainSecurity
What this episode covers
🚨 What happens when the backbone of vulnerability reporting wobbles? In April 2025, funding shocks to CVE/CWE—and the downstream NVD—sparked panic before a short-term lifeline appeared. The uncertainty hasn’t gone away.In this clip:Christopher “CRob” Robinson, CTO & Chief Security Architect, OpenSSF (The Linux Foundation)CRob previews his OSFF NY session on why reliable, authoritative vulnerability metadata is critical for banks, regulated enterprises, and open source maintainers—and what upstream is doing about it. He walks through the recent CVE/NVD turbulence, why downstream teams (risk, OSPOs, product owners) struggle to meet regulatory obligations without stable data, and how the open source community is collaborating to deliver consistent, high-quality vulnerability information going forward. Expect clear context, practical takeaways, and a path from fragmented signals to trustworthy feeds.🎟️ See CRob’s full talk at OSFF New York (Oct 21–22, 2025).🌐 More about FINOS: https://www.finos.org/📧 Join our newsletter: https://www.finos.org/newsletter#FINOS #OSFFNY #OpenSourceSecurity #OpenSSF #CVE #CWE #NVD #VulnerabilityManagement #Risk #Compliance #SupplyChainSecurity
NOW PLAYING
Communications Very Erratic (CVE): Stabilizing Vuln Data for the Industry (OSFF NY Preview)
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m