search menu icon-carat-right cmu-wordmark

DevSecOps for the Community: Building, Provisioning, and Deploying CVE's Infrastructure and Services

This session was presented by Shane T. Ficorilli of MITRE at DevSecOps Days Pittsburgh, held virtually May 11, 2023.

Software Engineering Institute

Topic or Tag



In this session, we’ll be looking at the systems that support the CVE community. Over the past two years the CVE program has deployed the new CVE-Services API, as well as the new beta website. With the support of the community, MITRE has worked to adopt and implement DevSecOps methodologies and practices that have been a vital asset in building, provisioning, and deploying these systems that are used by CVE Numbering Authorities (CNAs), worldwide.

Some of the topics that we will discuss include

  • The purpose of the CVE program
  • What is CVE-Services and how does it make its way from GitHub to production?
  • DevSecOps culture in the CVE program