Tom Alrich's Blog
Sunday, April 28, 2024
The NVD fades away
I didn’t know whether to laugh or cry when I saw the NVD’s most recent announcement (last week) about…what is this about, anyway? Here is...
Friday, April 26, 2024
Maybe there’ll be a happy ending to the NVD story yet!
It seems almost normal that a French citizen would follow goings-on in the US government having to do with vulnerability management much bet...
Tuesday, April 23, 2024
NERC CIP: My podcast on CIP and the cloud
Industrial Defender recently contacted me about doing a second podcast (the first was a couple of years ago) on a NERC CIP topic of my ch...
Friday, April 19, 2024
Would you like to help figure out the best path(s) forward on vulnerability databases?
Many organizations in the software supply chain security community have assumed for years that the National Vulnerability Database (NVD), de...
Wednesday, April 17, 2024
Everything you always wanted to know about VEX (and TEA), but were afraid to ask
Two weeks ago, Steve Springett (leader of the OWASP CycloneDX and Dependency Track projects, and recently elected OWASP board member) and ...
Monday, April 15, 2024
Two months and counting
I’ve written a number of posts lately on the problems with the National Vulnerability Database (NVD); this one was the first. Briefly speak...
Thursday, April 11, 2024
It’s time to figure out this whole vulnerability database problem
Tom’s note: I sent out the notice below to the members of the OWASP SBOM Forum and it’s generated a lot of interest. It seems people agree w...