The CVE Program welcomes innovative ideas and new feature requests from the community in our CVE Program Ideas repository on GitHub.com. We encourage you to submit any suggestions you may have to enhance the CVE Program and help us better serve the broader community. Submissions could include programmatic rule/policy suggestions…

The CVE Program’s quarterly summary of program milestones and metrics for Q2 CY 2023. Q2 CY 2023 Milestones 22 CVE Numbering Authorities (CNAs) Added The twenty-two (22) new CNAs added this quarter are listed below under their Top-Level Root (TL-Root) or Root. Scope of coverage is described next to their organization name. Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control…

A major change is coming in how CVE content is provided that will affect products that consume CVE content. CNA partners, tool vendors, and other parties that use CVE download files for automation or other purposes should pay particular attention to this upcoming change. Legacy CVE Content Formats Your Products Are Using to Be Phased Out The CVE Program has a new…

The “We Speak CVE” podcast focuses on cybersecurity, vulnerability management, and the CVE Program. Host Shannon Sabens of CrowdStrike chats with Julia Turkevich of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) about the myths and facts of partnering with the CVE Program as a CVE Numbering Authority (CNA). Truth…

There are now 301 organizations from around the world participating as CVE Numbering Authorities (CNAs) in the CVE Program: 299 CNAs and 2 CNAs of Last Resort (CNA-LR). CNAs are vendor, researcher, open source, CERT, hosted service, and bug bounty provider organizations authorized by the CVE Program to assign CVE…

The CVE Program’s quarterly summary of program milestones and metrics for Q1 CY 2023. Q1 CY 2023 Milestones Seventeen CVE Numbering Authorities (CNAs) Added The seventeen (17) new CNAs added this quarter are listed below under their Top-Level Root (TL-Root) or Root. Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS) TL-Root: B. Braun SE for B. Braun’s commercially…

Members of the CVE community recently convened, both in-person and virtually, for the “CVE Global Summit Spring 2023” to discuss CVE and cybersecurity, best practices, lessons learned, new opportunities, and more. The CVE Program holds global summits twice per year, in the spring and fall. Summit participants include representatives from…

The CVE Program website now contains 200,895 CVE Records (as of April 25, 2023), each of which identifies and defines a publicly disclosed cybersecurity vulnerability. CVE, an international community effort, began in 1999 with just 321 common records on the CVE List. CVE Records are published by organizations from around the world that have partnered with the CVE Program as a CVE Numbering Authority (CNA). CNAs join the program from a variety of business sectors; there are minimal requirements, and there is no monetary fee or contract to sign. To date, 288 organizations from 36 countries have partnered with the CVE Program and are actively publishing CVE Records.

The CVE Program is hosting a CVE Booth (#6566) this week on April 25–27, 2023, at RSA Conference 2023 at the Moscone Center in San Francisco, California, USA. Our booth is located in Moscone North Expo, and we will be there throughout all three days of the expo: April 25 and April 26 from 10:00 AM — 6:00 PM PT, and on April 27 from 10:00 AM — 3:00 PM PT. View the North Expo floor plan. CVE community members will be available in the booth to discuss how easy it is to partner with the CVE Program as a CVE Numbering Authority (CNA) and the many benefits of joining. Please stop by and say hello!