
New Video: John Hammond Interviews Cybersecurity Expert Pete Allor
In this video, John Hammond interviews Pete Allor, a cybersecurity expert with an impressive 25-year career in the field. Pete shares his journey, major contributions to cybersecurity, and his perspectives on the future of vulnerability systems, particularly CVEs (Common Vulnerabilities and Exposures).

Pete begins by describing his career, which includes key roles in organizations like Internet Security Systems, where he worked on vulnerability disclosure and contributed to the creation of common vulnerability systems. He was also involved in coordinating vulnerability disclosures and spent nine years on the board of FIRST, an organization dedicated to cybersecurity. Pete played a crucial role in creating the ICASI (Industry Consortium for Advancement of Security on the Internet), which brought together major IT players to share sensitive information under a multi-party non-disclosure agreement.

One of the central topics of the discussion is the future of CVEs, a system for identifying software vulnerabilities. Pete explains that, despite recent uncertainties and rumors of service disruption, the CVE system will continue to operate and has been funded until March 7 of next year. However, he notes that the CVE board was not involved in the initial discussions about funding, which created tensions and a lack of transparency.

Pete then introduces the idea of the CVE Foundation, an initiative aimed at making the CVE system less dependent on government funds and more global and inclusive. He explains that the CVE system is essential not only for national security but also for software producers, software defenders, and end-user organizations. He emphasizes that the CVE system must be supported by those who own and need to resolve vulnerability issues.

The discussion turns to the federation of CVEs, which involves CNAs (CVE Numbering Authorities) and CNARs (CVE Numbering Authority Roots). Pete explains that federation is not just about the number of CNAs but about governance and data quality. He describes the current structure of the federation, which includes seven roots and three CNARs, and emphasizes the importance of governance to support CNAs under their jurisdiction.

Pete also addresses current challenges and opportunities to improve the CVE system. He mentions that the program needs to evolve to be more agile, open, and transparent, drawing inspiration from open-source principles. He stresses the importance of adoption and adaptation to advance the program and make services more accessible and faster.

In conclusion, Pete and John discuss the practical implications of these changes and how they can be applied in real-world scenarios. Pete emphasizes that the CVE Foundation aims to create a more unified and inclusive system where everyone can contribute and benefit from improvements. He encourages people to get involved and support this initiative for the good of the entire cybersecurity ecosystem.

To learn more and follow the developments of the CVE Foundation, you can watch the full video at the following address: https://www.youtube.com/watch?v=Ofy0LxkwkT8