U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Collaborative Vulnerability Metadata Acceptance Process (CVMAP) for CVE Numbering Authorities (CNAs) and Authorized Data Publishers

Published

Author(s)

Robert D. Byers, David A. Waltermire, Christopher A. Turner

Abstract

The purpose of this document is to leverage the strength of technical knowledge provided by the Common Vulnerabilities and Exposures (CVE) Numbering Authorities (CNAs) and the application of consistent and unbiased CVE record metadata provided by the National Vulnerability Database (NVD) analysts through the formalization of a CVE record metadata submission process. This process will enable outside entities to submit CVE record metadata and allow this data to be presented to the end user with little to no NVD analyst involvement. For instances where the CVE record metadata is provided, the NVD analyst will serve in the role of auditor to ensure that consistent transparency and quality standards are applied, maintained, and communicated. Public recognition of the upstream participants' level of effort and consistency of data will be displayed on the public NVD website's CVE detail page to encourage and incentivize participation.
Citation
NIST Interagency/Internal Report (NISTIR) - 8246
Report Number
8246
NIST Pub Series
NIST Interagency/Internal Report (NISTIR)
Pub Type
NIST Pubs

Download Paper

DOI Link

Keywords

Accreditation Level, Authorized Data Publisher, ADP, Common Vulnerabilities and Exposures, CVE, Numbering Authority, CNA, submission category
Cybersecurity education and workforce development and Cybersecurity

Citation

Byers, R. , Waltermire, D. and Turner, C. (2020), Collaborative Vulnerability Metadata Acceptance Process (CVMAP) for CVE Numbering Authorities (CNAs) and Authorized Data Publishers, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8246 (Accessed April 25, 2024)

Created December 14, 2020, Updated May 4, 2021