Organizations Compliant with the New CVE ID Syntax (Archived)

CVE has a new ID numbering format for CVE Identifiers (i.e., CVE IDs) that requires organizations to take action to ensure their products, tools, and processes continue to work properly now that CVE ID numbers are being issued using the new syntax. This page recognizes those software vendors and cybersecurity organizations that have updated to the new CVE ID numbering format. Read the press release.

Learn more:

Back to top

Declarations of CVE ID Syntax Compliance

The organizations listed below have declared that they are, or will be, compliant with the new syntax. Organizations are listed alphabetically. Current total: 21

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Adobe

Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.adobe.com/
Declaration Quote: Not provided

Back to top

CA Technologies

Date Declared: September 18, 2014
Compliant: Yes
Website: http://www.ca.com/
Declaration Quote: Not provided

Back to top

CERIAS at Purdue University

Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.cerias.purdue.edu/
Declaration Quote: "CERIAS has adopted the new CVE ID format in the Cassandra service. The need for the new format is a testament to the usefulness of the CVE and the progress we still need to make in preventing vulnerabilities." – Pascal Meunier

Back to top

CERT Coordination Center (CERT/CC)

Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.cert.org/
Declaration Quote: "The growth of software and device markets (networked "things"), the expansion of the security research community, and the development of automated vulnerability discovery tools all drive increasing demand for CVE ID assignments." – Art Manion, Vulnerability Analyst, CERT Coordination Center

Back to top

CERT-IST

Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.cert-ist.com
Declaration Quote: Not provided

Back to top

EMC Corporation

Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.emc.com/
Declaration Quote: Not provided

Back to top

High-Tech Bridge SA

Date Declared: September 16, 2014
Compliant: Yes (Read our news release)
Website: http://www.htbridge.com/
Declaration Quote: "The number of software vulnerabilities is continuously growing every year and it is very important to make sure that each discovered vulnerability has a unique globally-recognized identifier, such as the CVE ID. The new format of the CVE ID is an efficient response to the growth that will ensure that despite the increasing number of new vulnerabilities they will remain manageable. At High-Tech Bridge we are proud to be part of MITRE's CVE program that we use both for our security research and our information security services." - Ilia Kolochenko, CEO

Back to top

IBM

Date Declared: September 16, 2014
Compliant: Yes
Website: http://xforce.iss.net/
Declaration Quote: Not provided

Back to top

ICS-CERT

Date Declared: September 16, 2014
Compliant: Yes
Website: https://ics-cert.us-cert.gov/
Declaration Quote: Not provided

Back to top

Information-technology Promotion Agency, Japan (IPA)

Date Declared: September 16, 2014
Compliant: Yes
Website: www.ipa.go.jp/index-e.html
Declaration Quote: "So the new era is about to begin. JVN iPedia is ready for the new syntax. Through our JVN Security Content Automation Framework, we'll collaborate with MITRE and actively adopt SCAP/CYBEX in support of the Making Security Measurable initiative." – Dr. Masato Terada, IPA

Back to top

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

Date Declared: September 16, 2014
Compliant: Yes (Read our news release)
Website: http://www.jpcert.or.jp/english/
Declaration Quote: Not provided

Back to top

LP3

Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.LP3.com
Declaration Quote: "CVE is the standard for naming vulnerabilities globally. I can’t even imagine the confusion we have avoided by using CVE to properly identify, manage, and track vulnerabilities and mitigation. This numbering change is an important extension of the CVE ID to enable continued growth of this capability." - Scott A. Lawler, CISSP-ISSAP, ISSMP, HCISPP, Chairman/CEO

Back to top

Microsoft Corporation

Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.microsoft.com/
Declaration Quote: "Customer protection is a priority for Microsoft and we are pleased to support the new standardized CVE ID format which extends customer access to crucial information about CVEs." – Elizabeth Scott, Principal Program Manager, Microsoft Trustworthy Computing

Back to top

National Institute of Standards and Technology, National Vulnerability Database (NVD)

Date Declared: September 16, 2014
Compliant: Yes
Website: http://nvd.nist.gov/
Declaration Quote: Not provided

Back to top

NSFOCUS

Date Declared: September 16, 2014
Compliant: Yes (Read our news release)
Website: http://www.nsfocus.com/
Declaration Quote: "NSFOCUS's products flexibly store data by CVE ID, enabling seamless compatibility with new CVE ID formats and even longer ID formats." – Steven Cai

Back to top

Oracle Corporation

Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.oracle.com/
Declaration Quote: Not provided

Back to top

Red Hat, Inc.

Date Declared: September 16, 2014
Compliant: Yes
Website: https://access.redhat.com/security/cve/
Declaration Quote: "Red Hat provides a database of CVE that affect our products and services, https://access.redhat.com/security/cve/. This database fully supports the new CVE syntax." – Mark Cox, Senior Director of Red Hat Product Security

Back to top

SecurityTracker

Date Declared: September 16, 2014
Compliant: Yes
Website: http://securitytracker.com/
Declaration Quote: "With number of vulnerabilities being reported only going up, the CVE format change is essential in helping us keep track of the latest vulnerabilities."

Back to top

SUSE LLC

Date Declared: September 16, 2014
Compliant: Yes
Website: https://www.suse.com/
Declaration Quote: Not provided

Back to top

Symantec Corporation

Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.symantec.com/
Declaration Quote: Not provided

Back to top

Tenable Network Security

Date Declared: September 18, 2014
Compliant: Yes, except Passive Vulnerability Scanner (targeted for Q4 2014)
Website: http://www.tenable.com
Declaration Quote: Not provided

Back to top
Page Last Updated or Reviewed: December 15, 2017