Content Guild

Home / news

What is the Mitre CVE?

Carter Sullivan |

What is the Mitre CVE?

Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed information security vulnerabilities and exposures. CVE was launched in 1999 by the MITRE corporation to identify and categorize vulnerabilities in software and firmware.

Who can request a CVE?

Steps 2, 10, 11, and 12 in the list below provide details on proper use and sharing of CVE IDs. Anyone (researchers, vendors, or third-parties) can request a CVE ID be assigned to a vulnerability so long as they make the request using the proper channels.

Where do I send CVE?

Submit a CVE Request. IMPORTANT: Please add [email protected] and [email protected] as safe senders in your email client before completing this form.

What information does a CVE document provide?

Each CVE Record includes appropriate references. Each reference used in CVE (1) identifies the source, (2) includes a well-defined identifier to facilitate searching on a source’s website, and (3) notes the associated CVE Record.

What is CVE code?

Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed information security issues. A CVE number uniquely identifies one vulnerability from the list. Enterprises typically use CVE, and corresponding CVSS scores, for planning and prioritization in their vulnerability management programs.

Who creates CVE?

CNA
CVEs are assigned by a CVE Numbering Authority (CNA). While some vendors acted as a CNA before, the name and designation was not created until February 1, 2005. there are three primary types of CVE number assignments: The Mitre Corporation functions as Editor and Primary CNA.

Do all vulnerabilities have a CVE?

According to WhiteSource’s 2018 Annual Report on the State of Open Source Vulnerabilities Management, only 86% of all reported open source vulnerabilities make it into MITRE’s CVE list. This means that another 14% of vulnerabilities are reported elsewhere outside of MITRE’s vulnerability glossary.

Who owns a CVE?

CVE identifiers are assigned by a CVE Numbering Authority (CNA). There are about 100 CNAs, representing major IT vendors—such as Red Hat, IBM, Cisco, Oracle, and Microsoft—as well as security companies and research organizations. MITRE can also issue CVEs directly.

Who runs MITRE?

MITRE’s President and CEO Jason Providakes leads our mission-driven teams to solve problems for a safer world. MITRE’s President and CEO Jason Providakes leads our mission-driven teams to solve problems for a safer world.

When was MITRE founded?

1958
The MITRE Corporation/Founded
MITRE has worked at the intersection of advanced technology and vital global concerns since our founding in 1958 as a private, not-for-profit company providing engineering and technical guidance for the federal government.

You Might Also Like