CVE Blog

The purpose of this blog is to establish a dialogue and get your input on issues and topics important to CVE. Right-click and copy a URL to share a post.

Please use our LinkedIn page, or the CVE Request Web Form by selecting “Other” from the dropdown, to comment on the post below.

Summary of your feedback about updating info in CVE ID Descriptions

Comment on LinkedIn | Share this post

Thank you for your responses to our most recent post "What's your opinion on updating CVE ID Descriptions?" about whether or not CVE ID Descriptions should be updated as new information becomes available, or if we should we reject and recreate the CVE IDs instead.

Updating of CVE ID Descriptions is preferred

The majority of respondents indicated that updating CVE ID Descriptions with new information is preferable to rejecting and issuing new CVE IDs.

The goals of CVE entries are to help people find the information they need about a vulnerability and provide enough information to allow people to be confident they are talking about the same vulnerability. Ensuring that CVE entries contain the most recent information on a vulnerability, either by updating an existing CVE entry or rejecting and issuing a new CVE entry, supports these goals.

Moving forward

As the CVE program continues to develop its policies and practices, we will consider the feedback from the CVE community on the benefits of updating CVE entries versus issuing new CVE entries.

If you have any further comments on the practice of updating CVE descriptions, please let us know. You can offer your feedback through the CVE Request Web Form by selecting “Other” from the dropdown.

Thank you again to all who participated.

- The CVE Team
  February 2, 2017
  CVE Request Web Form
(select “Other” from dropdown)

Recent Posts

Page Last Updated or Reviewed: August 24, 2020