The CVE program, which claims to be sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) (we tried to confirm that with CISA, but got no reply), is supposed to provide a unique identifier Continue reading CVE’s CNA Program Is Causing Them to Fail in Their Stated Mission
CVE is a program that is supposed to provide unique identifiers for vulnerabilities and as we will get to shortly, it also is a path for directing software vulnerability reports away from developers to at least one security company selling Continue reading CISA Provides No Explanation for Sponsoring Program That Directs Vulnerability Report Info to Hackers
CISA, which stands for Cybersecurity & Infrastructure Security Agency, is a US federal agency operating under the Department of Homeland Security. Established in 2018, it supersedes the NPPD – National Protection and Programs Directorate and is tasked with improving cybersecurity Continue reading CISA’s list of bad practices that harm WordPress security