Steve Christey

Principal Cybersecurity Engineer
Cybersecurity

Steve Christey is a Principal Information Security Engineer in the Cybersecurity Division at MITRE, supporting the U.S. Food and Drug Administration’s Center for Devices and Radiological Health (FDA CDRH) on medical device cybersecurity, including vulnerability analysis and developing methods of applying a Common Vulnerability Scoring System (CVSS) in a healthcare context.  Steve was co-creator and Editor of the Common Vulnerabilities and Exposures (CVE) list and chair of the CVE Editorial Board from 1999 to 2015. He is the technical lead for the Common Weakness Enumeration (CWE), the Common Weakness Scoring System (CWSS), and the CWE/SANS Top 25 Most Dangerous Software Errors. He was a co-author of the “Responsible Vulnerability Disclosure Process” Internet Engineering Task Force (IETF) draft with Chris Wysopal in 2002. Mr. Christey was an active contributor to other community-oriented efforts such as CVSS, the Common Vulnerability Reporting Framework (CVRF), and the National Institute of Standards and Technology’s (NIST’s) Static Analysis Tool Exposition (SATE). His interests include adapting traditional IT security methodologies to new areas, software assurance, improving vulnerability information exchange, and making the cybersecurity profession more inclusive for anybody who seeks a place in it. He holds a B.S. in Computer Science from Hobart College with a minor in Sociology.