Common Vulnerabilities and Exposures (CVE) is a publicly available catalog of security issues sponsored by the United States Department of Homeland Security (DHS).
Each security issue has a unique CVE ID number assigned by the CVE Numbering Authority (CNA). The purpose of creating a unique CVE ID number is to create a standardization for a vulnerability or exposure as a researcher identifies it.
Stages of Obtaining a CVE
Stage 1: Identify if CVE is Required and Relevant.
Stage 2: Reach Out to Affected Product Vendor.
Stage 3: Identify if Request Should Be For Vendor CNA or Third Party CNA.
Stage 4: Requesting CVE ID Through CVE Web Form.
Stage 5: Confirmation of CVE Form.
Stage 6: Receival of CVE ID.
Stage 7: Public Disclosure of CVE ID.
Stage 8: Announcing the CVE.
Stage 9: Providing Information to The CVE Team.
If an issue is not responsibly disclosed to a vendor, real threat actors may be able to leverage the issues for criminal use, also referred to as a zero day or an 0-day.
Last update: 2023-07-04 Created: July 4, 2023 14:27:47