| Table of Contents |
|---|
What is CVE?
CVE stands for Common Vulnerabilities and Exposures, and is referred to as "a dictionary of publicly known information security vulnerabilities and exposures." It is currently operated by MITRE Corporation under a contract with the U.S. Dept. of Homeland Security. For more information on CVE and other related FAQ's, please see MITRE's CVE page.
...
If you are a vendor and have a comment about something on NVD, contact nvd@nist.gov.
Vulnerability ID Alternatives
Several community-sponsored vulnerability ID alternatives have recently been announced. These vulnerability IDs are used in a similar way to CVE IDs: they are unique identifiers for a particular vulnerability.
A good discussion of these alternatives is provided by CERT/CC's Allen Householder in the blog post "Vulnerability IDs, Fast and Slow".
Security researchers that require a vulnerability ID quickly may consider requesting one of these alternate IDs until a CVE is assigned.
Distributed Weakness Filing (DWF)
Open Vulnerability ID (OVI)
Openwall Vulnerability ID (OVE)
References
Others have written about the CVE process. For example, you may consult the following for more information:
...