Common Vulnerabilities and Exposures (CVE) is a publicly available catalog of security issues sponsored by the United States Department of Homeland Security (DHS).

Each security issue has a unique CVE ID number assigned by the CVE Numbering Authority (CNA). The purpose of creating a unique CVE ID number is to create a standardization for a vulnerability or exposure as a researcher identifies it.

Stages of Obtaining a CVE

Stage 1: Identify if CVE is Required and Relevant.

Stage 2: Reach Out to Affected Product Vendor.

Stage 3: Identify if Request Should Be For Vendor CNA or Third Party CNA.

Stage 4: Requesting CVE ID Through CVE Web Form.

Stage 5: Confirmation of CVE Form.

Stage 6: Receival of CVE ID.

Stage 7: Public Disclosure of CVE ID.

Stage 8: Announcing the CVE.

Stage 9: Providing Information to The CVE Team.

If an issue is not responsibly disclosed to a vendor, real threat actors may be able to leverage the issues for criminal use, also referred to as a zero day or an 0-day.

Last update: 2023-07-04
Created: July 4, 2023 14:27:47