Art Manion

At least three issues that came up in discussion: 1. U.S. Government funding, desire for a more global, international, organizational and funding structure 2. While proprietary software very often includes...

I can't comment on NVD funding, but I observe that it continues to operate, and as (at least IMO) a useful U.S. government service, plus something cited in regulations, my...

Another time-related consideration: The containers have timestamps, so does the SSVC metric. So even without creating a changelog-like timeline, a consumer could determine that the CNA container (potentially containing new...

+1 to @M-nj's advice. Impact (CIA) is typically provded as part of CVSS base, are you asking about [Modified Base Metrics](Modified Base Metrics)? I believe those are supposed to be...

> At the very least, I should be able to link the CWEs with the CVEs Some CVE Records have CWE information and both [Vulnrichment](https://github.com/cisagov/vulnrichment) and [NVD](https://nvd.nist.gov/developers) add CWE information....

Having nearly encountered this behavior, +1 to a confirmation dialog or other accident reduction feature. When I reserve a CVE ID and draft content to save for later because the...

Further detail: @​person is part of the case, but a different @​person is selected. Not sure if this incorrect @​person is notified and they are not added to the case...

It's possible this is only a display confusion issue with the mouseover after the comment is posted.

There are no material changes between CVE-2024-45744.a.json and CVE-2024-45744.b.json execpt for the timestamps written by CVE Services. ``` $ jq -r .cveMetadata.dateUpdated CVE-2024-45744.a.json 2025-02-28T20:45:05.623Z $ jq -r .containers.cna.providerMetadata.dateUpdated CVE-2024-45744.a.json 2025-02-28T20:45:05.623Z...

And/or allow user to select the TZ from the UI?