Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guide to Using Vulnerability Naming Schemes

Published

Author(s)

David A. Waltermire, Karen Scarfone

Abstract

This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). Draft SP 800-51 Revision 1 gives an introduction to both naming schemes and makes recommendations for end-user organizations on using their names. The publication also presents recommendations for software and service vendors on how they should use vulnerability names and naming schemes in their product and service offerings. [Supersedes SP 800-51 (September 2002): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151265]
Citation
Special Publication (NIST SP) - 800-51 Rev 1
Report Number
800-51 Rev 1

Keywords

CCE, Common Configuration Enumeration, Common Vulnerabilities and Exposures, CVE, SCAP, security automation, security configuration, Security Content Automation Protocol, vulnerabilities, vulnerability naming

Citation

Waltermire, D. and Scarfone, K. (2011), Guide to Using Vulnerability Naming Schemes, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=907934 (Accessed June 25, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created February 25, 2011, Updated May 4, 2021