Art Manion

Interested and will attend.

Does this help? https://vuls.cert.org/confluence/display/VIN/Vulnerability+Note+API @ahouseholder we should decide and document that we're no longer updating the archive.

I experienced this issue also, for certificates listed in index.txt but `.crt` files not present in `issued/`. Here's a patch, would a PR be helpful? [ff_date_to_cert_date.patch](https://github.com/OpenVPN/easy-rsa/files/10272307/ff_date_to_cert_date.patch) Nevermind I found https://github.com/OpenVPN/easy-rsa/pull/806/commits/3c0d90799fe7c396bc30eefe3ffcf153a23400b8

Looks like this is being (partly) addressed in https://github.com/GSA/govt-urls/pull/120.

For the ADP Pilot, the proposal so far is limited to the following SSVC decision points: * Exploitation (source: @ahouseholder's collection) * Technical Impact (source: CVSS base) * Automatable/Value Density/Utility...

Just noting the ADP pilot is on hold pending CVE Services 2.x and JSON 5 production releases.

Both tickets and cases can be transferred across teams (and individual users). I believe some notification occurs now, but likely in-band (within VINCE). If there is email notification, where should...

I had the same question, the current list does not include an unqualified "Apache" so I think this is resolved. ASF has 2.5K repositories :)

> > Of course the problem with Full Disclosure is you're creating a huge risk, as as soon as a vuln is public it starts being exploited on a global...

Some general CVE/NVD background. NVD is effectively downstream of CVE, NVD [adds analysis and content](https://nvd.nist.gov/general/cve-process.) to CVE content. Both NVD and the CVE Program sponsored by the U.S. Government, DHS...