CVE Blog

Summary of your feedback about updating info in CVE ID Descriptions

Comment on LinkedIn | Share this post

Thank you for your responses to our most recent post "What's your opinion on updating CVE ID Descriptions?" about whether or not CVE ID Descriptions should be updated as new information becomes available, or if we should we reject and recreate the CVE IDs instead.

Updating of CVE ID Descriptions is preferred

The majority of respondents indicated that updating CVE ID Descriptions with new information is preferable to rejecting and issuing new CVE IDs.

The goals of CVE entries are to help people find the information they need about a vulnerability and provide enough information to allow people to be confident they are talking about the same vulnerability. Ensuring that CVE entries contain the most recent information on a vulnerability, either by updating an existing CVE entry or rejecting and issuing a new CVE entry, supports these goals.

Moving forward

As the CVE program continues to develop its policies and practices, we will consider the feedback from the CVE community on the benefits of updating CVE entries versus issuing new CVE entries.

If you have any further comments on the practice of updating CVE descriptions, please let us know. You can offer your feedback through the CVE Request Web Form by selecting “Other” from the dropdown.

Thank you again to all who participated.