News & Events

Please use our LinkedIn page to comment on the articles below, or send an email to cve@mitre.org.
Right-click and copy a URL to share an article.

Minutes from CVE Board Teleconference Meeting on December 12 Now Available
January 9, 2019 | Share this article

The CVE Board held a teleconference meeting on December 12, 2018. Read the meeting minutes.

CVE Is Main Source of Vulnerability Data Used in Tenable’s 2018 Vulnerability Intelligence Report
January 3, 2019 | Share this article

CVE is the main source of vulnerability data used in Tenable, Inc.'s 2018 Vulnerability Intelligence Report, which discusses “general overall trends in vulnerabilities and operationalized intelligence based on what enterprises actually have to deal with in their own environments.”

The authors of the report found that the “discovery and disclosure of vulnerabilities continue to grow in volume and pace. In 2017 alone, an average of 41 new vulnerabilities were published every single day, for a total of 15,038 for the year. Additionally, the growth in newly disclosed vulnerabilities from the first half of 2018 showed a 27 percent increase over the first half of 2017.”

In the report, the authors “provide an overview of current vulnerability disclosure trends and insights into real-world vulnerability demographics in enterprise environments [and] analyze vulnerability prevalence in the wild, based on the number of affected enterprises, to highlight vulnerabilities that security practitioners are dealing with in practice – not just in theory.” From their study, the authors conclude that “managing vulnerabilities is a challenge of scale, velocity and volume. It is not just an engineering challenge, but requires a risk-centric view to prioritize thousands of vulnerabilities that superficially all seem the same.”

Read the complete report at: https://www.tenable.com/cyber-exposure/vulnerability-intelligence/. The report is free to download, but sign-up may be required.

Minutes from CVE Board Teleconference Meeting on November 28 Now Available
December 11, 2018 | Share this article

The CVE Board held a teleconference meeting on November 28, 2018. Read the meeting minutes.

MongoDB Added as CVE Numbering Authority (CNA)
December 10, 2018 | Share this article

MongoDB is now a CVE Numbering Authority (CNA) for MongoDB products only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 93 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Android; Apache; Apple; Appthority; ASUSTOR; Atlassian; Autodesk; Avaya; BlackBerry; Booz Allen Hamilton; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; CyberSecurity Philippines - CERT; Dahua; Debian GNU/Linux; Dell; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Forcepoint; Fortinet; FreeBSD; Google; HackerOne; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; ICS-CERT; Intel; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Netgear; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Oracle; Palo Alto Networks; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; SAP; Schneider Electric; Siemens; SonicWALL; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

New CVE Board Member from DHS
December 10, 2018 | Share this article

Kathleen Trimble of U.S. Department of Homeland Security (DHS) has joined the CVE Board.

Read the full announcement and welcome message in the CVE Board email discussion list archive.

Minutes from CVE Board Teleconference Meeting on November 14 Now Available
December 10, 2018 | Share this article

The CVE Board held a teleconference meeting on November 14, 2018. Read the meeting minutes.

Page Last Updated or Reviewed: January 09, 2019