NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.
Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Collaborative Vulnerability Metadata Acceptance Process (CVMAP) for CVE Numbering Authorities (CNAs) and Authorized Data Publishers
Published
Author(s)
Robert D. Byers, David A. Waltermire, Christopher A. Turner
Abstract
The purpose of this document is to leverage the strength of technical knowledge provided by the Common Vulnerabilities and Exposures (CVE) Numbering Authorities (CNAs) and the application of consistent and unbiased CVE record metadata provided by the National Vulnerability Database (NVD) analysts through the formalization of a CVE record metadata submission process. This process will enable outside entities to submit CVE record metadata and allow this data to be presented to the end user with little to no NVD analyst involvement. For instances where the CVE record metadata is provided, the NVD analyst will serve in the role of auditor to ensure that consistent transparency and quality standards are applied, maintained, and communicated. Public recognition of the upstream participants' level of effort and consistency of data will be displayed on the public NVD website's CVE detail page to encourage and incentivize participation.
Byers, R.
, Waltermire, D.
and Turner, C.
(2020),
Collaborative Vulnerability Metadata Acceptance Process (CVMAP) for CVE Numbering Authorities (CNAs) and Authorized Data Publishers, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8246
(Accessed October 7, 2025)