cvss

Josh and Kurt talk about why CVE is making the news lately. Things are not well in the CVE program, and it's not looking like anything will get fixed anytime soon. Josh and Kurt have a unique set of knowledge around CVE. There's a lot of confusion and difficulty in understanding how CVE works.

Show Notes

• Curl blog post
• Now it's PostgreSQL's turn to have a bogus CVE
• GitHub Advisory Database
• Josh's "CVE tried to get me fired" story

The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends and industry leading practices, specifically for the healthcare industry.

In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:

• California’s Attorney General imposes a $250k settlement on healthcare app developer, Glow, Inc. for privacy and security violations of the Confidentiality of Medical Information Act (CMIA)
• British Airways GDPR fine of £20m; breach details, correlations to attacks on healthcare, and GDPR ramifications for healthcare organizations
• FDA’s announcement of a new Medical Device Development Tools (MDDT) program that includes a rubric for applying CVSS vulnerability ratings to medical devices
• Russians indicted in 2017 NotPetya ransomware attack
• Rundown of the top 10 healthcare breaches this past month