CVE Blog
The purpose of this blog is to establish a dialogue and get your input on issues and topics important to CVE. Right-click and copy a URL to share a post.
Please use our LinkedIn page, or the CVE Request Web Form by selecting “Other” from the dropdown, to comment on the post below.
Become a CNA to Assign Your Own CVE IDs
Comment on LinkedIn | Share this post
CVE Numbering Authorities, or “CNAs,” are organizations authorized to assign and populate CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope.
A CNA may be a software vendor, open source project, coordination center, bug bounty service provider, or research group. CNAs are essential to the CVE Program’s success and every CVE Entry added to the CVE List is added by a CNA.
Benefits of Being a CNA
Currently, 101 organizations from around the world are actively participating in the CVE Program as CNAs. There is no monetary fee and no contract to sign to become a CNA. CNAs volunteer their own time for their own benefit.
The only requirements are to have a public vulnerability disclosure policy and a public source for new vulnerability disclosures, to agree to the CVE Terms of Use, and agree to follow the program’s rules and guidelines.
Becoming a CNA allows you to:
- Demonstrate mature vulnerability management practices and a commitment to cybersecurity to current and potential customers.
- Communicate value-added vulnerability information to your customer base.
- Control the CVE publication release process for vulnerabilities in your scope.
- Assign CVE IDs without having to share embargoed information with another CNA.
- Streamline your vulnerability disclosure processes.
CNAs are also able to participate in other aspects of the CVE Program. Examples include influencing the CNA rules and guidelines upon which the program operates, and joining one or more of the CVE Working Groups to help improve CVE workflows and processes.
How to Become a CNA
If your organization would like to become a CNA, please follow these four easy steps:
- Contact the CNA Coordination Team.
- Fill out the registration form.
- Attend an introductory session.
- Successfully create CVE ID entries from examples.
Comments or Questions?
If you have any questions, or would like to start the process, please use our CVE Request Web Form and select “Request information on the CVE Numbering Authority (CNA) Program” from the dropdown.
We look forward to hearing from you!
| - | The CVE Team |
| August 29, 2019 | |
|
CVE Request Web Form (select “Other” from dropdown) |
Recent Posts
- We Speak CVE Podcast: CVE Working Groups, What They Are and How They Improve CVE
- We Speak CVE Podcast: Managing Modernization and Automation Changes in the CVE Program
- Our CVE Story: Leading the Way for Vulnerability Disclosures in Physical Security Systems (guest author)
- We Speak CVE Podcast: How the New CVE Record Format Is a Game Changer
- Our CVE Story: JPCERT/CC (guest author)
- More >>
