News & Events

Please use our LinkedIn page to comment on the articles below, or use our CVE Request Web Form by selecting “Other” from the dropdown.
Right-click and copy a URL to share an article.

Vaadin Added as CVE Numbering Authority (CNA)
April 12, 2021 | Share this article

Vaadin Ltd. is now a CVE Numbering Authority (CNA) for all Vaadin products and supported open-source projects hosted at https://github.com/vaadin. Vaadin’s Root is the MITRE Top-Level Root. Read the Vaadin news release.

To date, 163 organizations from 27 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

CVE Blog Publishes Article by CVE Community Member Mark Cox
April 12, 2021 | Share this article

In his article on the CVE Blog, CVE Board Member Mark Cox of the Apache Software Foundation (ASF) discusses how ASF has partnered with the CVE Program as a CVE Numbering Authority (CNA) and its participation in the CVE Automation Working Group in “Our CVE Story: An Open-Source, Community-Based Example.”

Axis Added as CVE Numbering Authority (CNA)
April 8, 2021 | Share this article

Axis Communications AB is now a CVE Numbering Authority (CNA) for Axis products and solutions only. Axis’ Root is the MITRE Top-Level Root. Read the Axis news release.

To date, 162 organizations from 27 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on March 31 Now Available
April 6, 2021 | Share this article

The CVE Board held a teleconference meeting on March 31, 2021. Read the meeting minutes.

Message to DWF from the CVE Board
April 2, 2021 | Share this article

Kurt Seifried and Josh Bressers,

The CVE Board encourages innovative approaches to improve cybersecurity. In this regard, we wish you the best of luck with respect to improving the vulnerability management ecosystem.

It has come to the CVE Board’s attention that DWF has recently begun attempting to issue CVE IDs via its GitHub community site. To the CVE Board’s knowledge, DWF has issued at least eight ID numbers that DWF purports to be “CVE” IDs. As you are aware, only CVE Numbering Authorities (CNAs) approved by the CVE Board are authorized to issue valid CVE IDs. DWF is not an approved CNA.

Attempts by non-CNAs to issue unauthorized “CVE” IDs is disruptive to the CVE numbering system no matter where these unapproved IDs fall in the numbering order, and this creates confusion in the CVE contributor and user communities. Issuing unauthorized “CVE” IDs undermines public trust in the entire CVE system. This erosion of trust degrades the CVE community’s ability to provide a free public resource to track vulnerabilities and reduce cybersecurity risk. Further, we consider issuing unauthorized “CVE” IDs to be unfair competition and a misappropriation of the trusted “CVE” brand that the CVE community has spent many years building. Finally, MITRE confirms it has not licensed DWF to use this mark, which is a registered trademark of the MITRE Corporation.

The CVE Board welcomes contributions from the cybersecurity community and encourages organizations to apply for CNA status. The CVE Board notes that DWF has not attempted to reapply for CNA status, and invites DWF do so. However, until DWF is an approved CNA, the CVE Board requests that DWF cease issuing “CVE” IDs and rename all current and future IDs that DWF issues.

Thank you for your prompt attention to this matter.

- The CVE Board

Synopsys Added as CVE Numbering Authority (CNA)
March 30, 2021 | Share this article

Synopsys is now a CVE Numbering Authority (CNA) for all Synopsys SIG products, as well as vulnerabilities in third-party software discovered by Synopsys SIG that are not in another CNA’s scope. Synopsys’ Root is the MITRE Top-Level Root.

To date, 161 organizations from 26 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

NEC Corporation Added as CVE Numbering Authority (CNA)
March 30, 2021 | Share this article

NEC Corporation is now a CVE Numbering Authority (CNA) for NEC issues only. NEC’s Root is the JPCERT/CC Root.

To date, 160 organizations from 26 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on March 17 Now Available
March 23, 2021 | Share this article

The CVE Board held a teleconference meeting on March 17, 2021. Read the meeting minutes.

DeepSurface Security Added as CVE Numbering Authority (CNA)
March 22, 2021 | Share this article

DeepSurface Security, Inc. is now a CVE Numbering Authority (CNA) for all DeepSurface products, as well as vulnerabilities in third-party software discovered by DeepSurface that are not in another CNA’s scope. DeepSurface’s Root is the MITRE Top-Level Root.

To date, 159 organizations from 26 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Environmental Systems Research Institute Added as CVE Numbering Authority (CNA)
March 22, 2021 | Share this article

Environmental Systems Research Institute, Inc. (Esri) is now a CVE Numbering Authority (CNA) for all Esri products only. Esri’s Root is the MITRE Top-Level Root.

To date, 158 organizations from 26 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Xen Project Added as CVE Numbering Authority (CNA)
March 15, 2021 | Share this article

Xen Project is now a CVE Numbering Authority (CNA) for all sub-projects under Xen Project’s umbrella (see Xen Project Teams), except those sub-projects that have their own security response process; and the Xen components inside other projects, where Xen Project is the primary developer. Xen Project’s Root is the MITRE Top-Level Root.

To date, 158 organizations from 26 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

CVE Blog Publishes Article by CVE Community Member and Independent Vulnerability Researcher CNA Larry Cashdollar
March 15, 2021 | Share this article

In his article on the CVE Blog, CVE community member and independent vulnerability researcher CVE Numbering Authority (CNA) Larry Cashdollar discusses “My CVE Story: How I Became the CVE Program’s First Vulnerability Researcher CNA.”

Minutes from CVE Board Teleconference Meeting on March 3 Now Available
March 9, 2021 | Share this article

The CVE Board held a teleconference meeting on March 3, 2021. Read the meeting minutes.

Important Message About CVE ID Assignment
March 8, 2021 | Share this article

This is a reminder to the community that only CVE Numbering Authorities (CNAs) are authorized to assign CVE IDs.

CVE IDs obtained in some other way are not recognized by the CVE Program.

Arista Added as CVE Numbering Authority (CNA)
March 8, 2021 | Share this article

Arista Networks, Inc. is now a CVE Numbering Authority (CNA) for all Arista products only. Arista’s Root is the MITRE Top-Level Root.

To date, 157 organizations from 26 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Mautic Added as CVE Numbering Authority (CNA)
March 2, 2021 | Share this article

Mautic is now a CVE Numbering Authority (CNA) for Mautic core and officially supported plugins. Mautic’s Root is the MITRE Top-Level Root.

To date, 156 organizations from 26 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Simplinx Added as CVE Numbering Authority (CNA)
March 2, 2021 | Share this article

Simplinx Ltd. is now a CVE Numbering Authority (CNA) for Simplinx products only. Simplinx’s Root is the CISA ICS Top-Level Root.

To date, 155 organizations from 26 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Xylem Added as CVE Numbering Authority (CNA)
March 2, 2021 | Share this article

Xylem is now a CVE Numbering Authority (CNA) for Xylem products and technologies only. Xylem’s Root is the CISA ICS Top-Level Root.

To date, 154 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on February 17 Now Available
February 23, 2021 | Share this article

The CVE Board held a teleconference meeting on February 17, 2021. Read the meeting minutes.

Minutes from CVE Board Teleconference Meeting on February 3 Now Available
February 9, 2021 | Share this article

The CVE Board held a teleconference meeting on February 3, 2021. Read the meeting minutes.

Swift Project Added as CVE Numbering Authority (CNA)
February 4, 2021 | Share this article

Swift Project is now a CVE Numbering Authority (CNA) for the Swift Project only. Swift Project’s Root is the MITRE Top-Level Root.

To date, 153 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

CVE Blog Publishes Article by CVE Community Member Jonn Perez of Trend Micro
February 1, 2021 | Share this article

In his article on the CVE Blog, CVE community member Jonn Perez of CVE Numbering Authority (CNA) Trend Micro discusses the benefits of leveraging the CVE Program in its vulnerability discovery and disclosure processes in “Our CVE Story: Learning to Embrace Recognition and Mitigations of Vulnerabilities as a Strength.”

New CVE Board Member from Pen Test Partners
January 20, 2021 | Share this article

Ken Munro of Pen Test Partners LLP has joined the CVE Board.

Read the full announcement and welcome message in the CVE Board email discussion list archive.

Minutes from CVE Board Teleconference Meeting on January 6 Now Available
January 15, 2021 | Share this article

The CVE Board held a teleconference meeting on January 6, 2021. Read the meeting minutes.

Sophos Added as CVE Numbering Authority (CNA)
January 13, 2021 | Share this article

Sophos Limited is now a CVE Numbering Authority (CNA) for Sophos issues only. Sophos’ Root is the MITRE Top-Level Root. Read the Sophos news release.

To date, 152 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

WPScan Added as CVE Numbering Authority (CNA)
January 12, 2021 | Share this article

WPScan is now a CVE Numbering Authority (CNA) for WordPress core, plugins, and themes. WPScan’s Root is the MITRE Top-Level Root. Read the WPScan news release.

To date, 151 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Samsung Mobile Added as CVE Numbering Authority (CNA)
January 11, 2021 | Share this article

Samsung Mobile is now a CVE Numbering Authority (CNA) for Samsung Mobile Galaxy products, personal computers, and related services only. Samsung Mobile’s Root is the MITRE Top-Level Root.

To date, 150 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Page Last Updated or Reviewed: April 12, 2021