Chris Butera
Chris Butera serves as the Acting Head for Cyber at the Cybersecurity and Infrastructure Security Agency (CISA). In this position, he leads efforts to counter the nation’s most critical cyber threats and bolster the resilience of U.S. critical infrastructure. With over two decades of experience in cybersecurity and IT leadership across federal, local, and private sectors, he has led much of CISA's major cyber defense operations as well as technical strategic initiatives from 2014 to present. He currently serves on the boards of the Technology Modernization Fund and FedRAMP. He holds MS and BS degrees in Computer Science from the University of Chicago and the University of Notre Dame respectively.
Session
The CVE Program is a pillar of the cybersecurity ecosystem. For more than a quarter century, it has provided an authoritative source of data about vulnerabilities for software users. It is also critical for continuing to drive security into the design and development process. However, over the last 18 months, both the CVE Program and the US National Vulnerability Database have faced funding challenges. At the same time, developments in the European Union have led to the creation of the EU Vulnerability Database. Congress has taken note, and in June, members requested a formal audit of the program. What are the challenges facing the CVE Program? How should these be communicated to policymakers in a way that maintains the critical function and avoids a fractioning of the ecosystem? What are new governance models that should be considered?