CVE List Rules and Guidance

CVE List rules and guidance are how the CVE Program ensures that CVE Entries are created in a consistent fashion, independent of which CVE Numbering Authority (CNA) is doing the creation. The documents below explain this process in more detail:


CVE Assignment Rules

The nature and accuracy of the assignment process underpins the value of a CVE Entry. Correct assignment reduces the likelihood of duplicate CVE Entries being assigned to a single vulnerability. Also, some reports of vulnerabilities may confuse or conflate multiple, separate software problems, and the counting process helps to differentiate between those vulnerabilities that are unique.


CVE Entry Requirements

Provides the required format that CNAs must use to provide CVE information for assigning CVE Entries.


Process to Correct Assignment Issues or Update CVE Entries

There are many places where the CVE Entry assignment process can break down. Since mistakes are inevitable, processes to correct them are necessary.


CVE Numbering Authorities

All CVE Entries are assigned by CNAs. This page defines the role of CNAs; provides access to documentation for CNAs, including links to the CNA Rules and Submitting CVE Assignment Information to the CVE Team guidance; and describes why and how to become a CNA.

Page Last Updated or Reviewed: March 18, 2020