|
30 | 30 | } |
31 | 31 | ] |
32 | 32 | }, |
| 33 | + { |
| 34 | + "id": 423, |
| 35 | + "newsType": "blog", |
| 36 | + "title": "Our CVE Story: Biohacking Village", |
| 37 | + "urlKeywords": "Our CVE Story: Biohacking Village", |
| 38 | + "date": "2024-10-22", |
| 39 | + "author": { |
| 40 | + "name": "Janine (Nina Alli) Medina and Jennifer Agüero", |
| 41 | + "organization": { |
| 42 | + "name": " Biohacking Village", |
| 43 | + "url": "https://www.villageb.io/" |
| 44 | + }, |
| 45 | + "title": "CNA", |
| 46 | + "bio": "Guest authors Janine (Nina Alli) and Jennifer Agüero are both from Biohacking Village. Janine is CEO/Executive Director and Jennifer is a Marketing Communications Specialist. Biohacking Village is a CVE Numbering Authority (CNA) partner under the CISA ICS Root." |
| 47 | + }, |
| 48 | + "description": [ |
| 49 | + { |
| 50 | + "contentnewsType": "paragraph", |
| 51 | + "content": "<i>Guest authors Janine (Nina Alli) and Jennifer Agüero are both from Biohacking Village. Janine is CEO/Executive Director and Jennifer is a Marketing Communications Specialist. Biohacking Village is a CVE Numbering Authority (CNA) partner under the CISA ICS Root.</i>" |
| 52 | + }, |
| 53 | + { |
| 54 | + "contentnewsType": "paragraph", |
| 55 | + "content": "Since our founding in 2014, <a href='/PartnerInformation/ListofPartners/partner/BHV'>Biohacking Village</a> has recognized the critical need to raise awareness about cybersecurity in patient care — long before cybersecurity in healthcare became the priority it is today. Our mission, “Healthier Tech for Healthier People” places cybersecurity at the heart of fostering innovation and ensuring patient safety in healthcare technology. We are driven by two core goals: addressing public interest in healthcare security and ensuring patient safety through proactive action." |
| 56 | + }, |
| 57 | + { |
| 58 | + "contentnewsType": "paragraph", |
| 59 | + "content": "Each year, we organize Biohacking Village events for both domestic and international conferences, and we participate in one of the world’s largest hacker events, <a href='https://www.villageb.io/def-con' target='_blank'>DEF CON</a>. Over time, we’ve built strong relationships with leading medical device manufacturers, inviting them to our <a href='https://www.villageb.io/device-lab' target='_blank'>Device Lab</a>, where they bring products for testing on one of the most perilous networks, by some of the most skilled hackers in the world. We maintain an ethical approach to vulnerability testing and are a trusted partner, focusing on improving security while prioritizing patient protection." |
| 60 | + }, |
| 61 | + { |
| 62 | + "contentnewsType": "paragraph", |
| 63 | + "content": "Before partnering with the <a href='/'>CVE® Program</a> as a <a href='/ProgramOrganization/CNAs'>CVE Numbering Authority (CNA)</a>, responsibility for managing vulnerabilities lay solely with the device manufacturers participating in our Device Lab. While many manufacturers have their own Coordinated Vulnerability Disclosure (CVD) policies, not all do. Additionally, vulnerabilities are sometimes discovered by researchers or security professionals in our <a href='https://www.villageb.io/speaker-lab' target='_blank'>Speaker Lab</a> or <a href='https://www.villageb.io/catalyst-lab' target='_blank'>Catalyst Workshops</a>. In these situations, it’s crucial to have the capability to disclose these findings responsibly. Our ability to assist in responsible disclosure is central to our commitment to public interest and patient safety, ensuring vulnerabilities are addressed efficiently." |
| 64 | + }, |
| 65 | + { |
| 66 | + "contentnewsType": "paragraph", |
| 67 | + "content": "In June 2023, we reached a major milestone by becoming a <a href='/ProgramOrganization/CNAs'>CNA</a>. This designation enables us to proactively identify, assign, and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities found in medical devices that are not in another CNA’s scope . By adopting the CVE Program’s processes, we enhanced our ability to manage vulnerabilities swiftly and accurately. Becoming a CNA was a strategic decision that empowers us to contribute more effectively to the global healthcare security landscape." |
| 68 | + }, |
| 69 | + { |
| 70 | + "contentnewsType": "paragraph", |
| 71 | + "content": "The benefits of participating in the CVE Program go beyond our organization. As a CNA, we are better positioned to coordinate vulnerability management efforts with manufacturers, security researchers, and the broader healthcare community. For any organization involved in technology, especially in critical sectors like healthcare, becoming a CNA demonstrates a commitment to cybersecurity and patient safety. It enables companies to take ownership of vulnerabilities, coordinate responses effectively, and ensure risks are mitigated before they escalate into threats." |
| 72 | + }, |
| 73 | + { |
| 74 | + "contentnewsType": "paragraph", |
| 75 | + "content": "At Biohacking Village, our goal is not only to protect patients but also to support medical device manufacturers in continuously improving product security. We believe that collaboration between the public and private sectors, along with clear communication and transparency, is essential for reducing risks and building safer medical technologies. <a href='/PartnerInformation/Partner#HowToBecomeAPartner'>Becoming a CNA</a> reinforces our dedication to fostering a secure, innovative healthcare environment. Our journey with the CVE Program is just the beginning, and we’re excited to be part of this initiative to enhance safety for all." |
| 76 | + } |
| 77 | + ] |
| 78 | + }, |
| 79 | + { |
| 80 | + "id": 422, |
| 81 | + "newsType": "blog", |
| 82 | + "title": "Call for Papers Now Open for <i>CVE/FIRST VulnCon 2025</i> on April 7-10, 2025", |
| 83 | + "urlKeywords": "Call for Papers Now Open for VulnCon 2025", |
| 84 | + "date": "2024-10-22", |
| 85 | + "author": { |
| 86 | + "name": "CVE Program", |
| 87 | + "organization": { |
| 88 | + "name": "CVE Program", |
| 89 | + "url": "" |
| 90 | + }, |
| 91 | + "title": "", |
| 92 | + "bio": "" |
| 93 | + }, |
| 94 | + "description": [ |
| 95 | + { |
| 96 | + "contentnewsType": "paragraph", |
| 97 | + "content": "The <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> will co-host <i><a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon 2025</a></i> at the McKimmon Center in Raleigh, North Carolina, USA, on April 7-10, 2025. The <a href='https://www.first.org/conference/vulncon2025/cfp' target='_blank'>Call for Papers</a> is open until January 15, 2025. See details <a href='https://www.first.org/conference/vulncon2025/cfp' target='_blank'>here</a>." |
| 98 | + }, |
| 99 | + { |
| 100 | + "contentnewsType": "paragraph", |
| 101 | + "content": "Registration, both virtual and in-person, will open in November 2024." |
| 102 | + }, |
| 103 | + { |
| 104 | + "contentnewsType": "image", |
| 105 | + "imageWidth": "", |
| 106 | + "href": "/news/VulnCon2025.png", |
| 107 | + "altText": "CVE/FIRST VulnCon 2025", |
| 108 | + "captionText": "<a href='https://www.first.org/conference/vulncon2025/' target='_blank'>CVE/FIRST VulnCon 2025</a>" |
| 109 | + }, |
| 110 | + { |
| 111 | + "contentnewsType": "paragraph", |
| 112 | + "content": "The purpose of the VulnCon — which is open to the public — is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem. A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly." |
| 113 | + }, |
| 114 | + { |
| 115 | + "contentnewsType": "paragraph", |
| 116 | + "content": "<h3>Call for Papers</h3>" |
| 117 | + }, |
| 118 | + { |
| 119 | + "contentnewsType": "paragraph", |
| 120 | + "content": "We are seeking session talks and training/workshops on the following topics: <ul><li><strong>Vulnerability Metadata</strong> - including sessions focused on CVE, CVSS, CWE, CSAF, EPSS, SSVC, VEX, EoX, and others, including Working Group, SIG, and other foundation read-report-outs</li><li><strong>Managing Risk</strong> - including sessions on articulating and framing risk for stakeholders in the vulnerability ecosystem</li><li><strong>Vulnerability Management’s Intersection with Global Public Policy & Regulation</strong> - What are current and emerging trends in the global regulatory space</li><li><strong>PSIRT Service Framework</strong> - Introductory, intermediate, and advanced topics for product security teams and defenders</li><li><strong>“State of…”</strong> Operations, Tooling, and the craft of product security, incident response, and ecosystem vulnerability management</li><li><strong>Coordinated Vulnerability Disclosure</strong> - practices and challenges in sharing and reporting security vulnerabilities and exploits</li></ul>" |
| 121 | + }, |
| 122 | + { |
| 123 | + "contentnewsType": "paragraph", |
| 124 | + "content": "VulnCon 2025 will have nearly 150 open speaking and/or training sessions available, so please consider submitting a session or education training to share with the ecosystem." |
| 125 | + }, |
| 126 | + { |
| 127 | + "contentnewsType": "paragraph", |
| 128 | + "content": "<h3>CFP Timeline</h3>" |
| 129 | + }, |
| 130 | + { |
| 131 | + "contentnewsType": "paragraph", |
| 132 | + "content": "<ul><li><strong>Call for Papers Closes:</strong> January 15, 2025</li><li><strong>Acceptance Notifications:</strong> Notification waves to being February 14, 2025</li><li><strong>Acceptance Due Date:</strong> February 28, 2025</li><li><strong>Final Presentations Due:</strong> April 2, 2025</li></ul>" |
| 133 | + }, |
| 134 | + { |
| 135 | + "contentnewsType": "paragraph", |
| 136 | + "content": "<h3>Speaker Privileges</h3>" |
| 137 | + }, |
| 138 | + { |
| 139 | + "contentnewsType": "paragraph", |
| 140 | + "content": "To help keep registration fees reasonable for all, we do not offer special discounts for speakers or workshop presenters. There is no accommodation or travel support provided." |
| 141 | + }, |
| 142 | + { |
| 143 | + "contentnewsType": "paragraph", |
| 144 | + "content": "<h3>Submission Process</h3>" |
| 145 | + }, |
| 146 | + { |
| 147 | + "contentnewsType": "paragraph", |
| 148 | + "content": "All proposals should be submitted via the “<a href='https://www.first.org/conference/vulncon2025/cfp#Submission-Process' target='_blank'>EasyChair</a>” link on the <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>FIRST website</a>. You are welcome to submit multiple proposals." |
| 149 | + }, |
| 150 | + { |
| 151 | + "contentnewsType": "paragraph", |
| 152 | + "content": "<h3>Learn More About VulnCon 2025</h3>" |
| 153 | + }, |
| 154 | + { |
| 155 | + "contentnewsType": "paragraph", |
| 156 | + "content": "For most up-to-date information, visit the <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>CVE/FIRST VulnCon 2025</a> conference page hosted on the FIRST website. We look forward to seeing you at this exciting community event!</a>" |
| 157 | + } |
| 158 | + ] |
| 159 | + }, |
33 | 160 | { |
34 | 161 | "id": 421, |
35 | 162 | "newsType": "news", |
|
0 commit comments