Versions Compared

Old Version 12

changes.mady.by.user Garret Wassermann

Saved on

compared with

New Version 13

changes.mady.by.user Garret Wassermann

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Contact the vendor that provides the vulnerability product, if the vendor is a CNA. Many vendors have a specific security contact or bug bounty program you can contact, and are CNAs that can assign a CVE ID directly. MITRE provides a list of CNAs.
  • Or, contact MITRE at cve-assign@mitre.org to receive a CVE IDrequest a CVE directly from MITRE by submitting the form at https://cveform.mitre.org/. MITRE also provides more information on contacting CVE who to contact to receive a CVE ID, including PGP key.
  • Or, if you have trouble reaching a vendor or require other assistance in coordinating and disclosing your vulnerability, feel free to contact us (the CERT/CC) for assistance. The best way to contact the CERT/CC is to fill out our Vulnerability Report Form, but you may also email us at cert@cert.org with PGP-encrypted email.

...

  • Disclose your vulnerability to a security-related mailing list such as Bugtraq or Full Disclosure. MITRE watches these mailing lists and will respond to requests for CVE ID directly.
  • Or, you may contact MITRE at cve-assign@mitre.org and provide links to the public references for the vulnerabilityrequest a CVE directly from MITRE by submitting the form at https://cveform.mitre.org/. The CVE form allows you to submit a URL to your publication for reference in the CVE document.

To request a CVE ID If the vulnerability is ALREADY public:

  • MITRE is the only source for investigating and assigning a CVE ID for vulnerabilities disclosed publicly. Contact MITRE at cve-assign@mitre.org and provide links to the public references for the vulnerabilityRequest a CVE directly from MITRE by submitting the form at https://cveform.mitre.org/. The CVE form allows you to submit a URL to any public references to the vulnerability you find.

In all cases, when requesting a CVE ID, you should include information about the vulnerability and which products and versions are affected. For more information on how to report vulnerabilities and what information to include in your report, see our Guidelines for Requesting Coordination Assistance.

...

...