- First off, for folks that don't know you can you give them a brief overview of your background/organizations?
- Josh, let's start with you. Can you explain some of what is going on with the drama around NVD and what happened that caught everyone's attention?
- Dan - I know you've raised concerns around the implications for the community when it comes to the lack of CVE enrichment, how do you see this impacting the vulnerability management ecosystem?
- Josh - Your team has started providing some accompanying resources to try and address the gap, can you tell us a bit about that?
Dan - You've spun up an open letter to congress and have kicked off a bit of a grass roots effort to raise awareness around the problem. How is it going so far and what are you hoping to accomplish with the letter?
- Why do you both think this is such a big deal, and how can something so critical to the entire software ecosystem be so underfunded, overlooked and taken for granted?
- What are some things you all hope to see in the future to resolve this, both from NIST/NVD and the Government but also from industry as well?
S6E11: Josh Bressers & Dan Lorenc - Untangling the NVD Chaos