Collaborative Vulnerability Metadata Acceptance Process (CVMAP) for CVE Numbering Authorities (CNAs) and Authorized Data Publishers
Robert D. Byers, David A. Waltermire, Christopher A. Turner
The purpose of this document is to leverage the strength of technical knowledge provided by the Common Vulnerabilities and Exposures (CVE) Numbering Authorities (CNAs) and the application of consistent and unbiased CVE record metadata provided by the National Vulnerability Database (NVD) analysts through the formalization of a CVE record metadata submission process. This process will enable outside entities to submit CVE record metadata and allow this data to be presented to the end user with little to no NVD analyst involvement. For instances where the CVE record metadata is provided, the NVD analyst will serve in the role of auditor to ensure that consistent transparency and quality standards are applied, maintained, and communicated. Public recognition of the upstream participants' level of effort and consistency of data will be displayed on the public NVD website's CVE detail page to encourage and incentivize participation.
, Waltermire, D.
and Turner, C.
Collaborative Vulnerability Metadata Acceptance Process (CVMAP) for CVE Numbering Authorities (CNAs) and Authorized Data Publishers, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8246
(Accessed September 24, 2021)