Making Security Measurable

CVE® International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures.

CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

Widespread Use of CVE
Focus On
Requesting CVE Identifier Numbers

There are two primary ways to obtain a CVE Identifier (also called "CVE-IDs," "CVE numbers," "CVE names," and "CVEs") before publicizing a new vulnerability:

  1. Contact one of the official CVE Numbering Authorities (CNAs), which will then include a CVE-ID number in its initial public announcement about your new vulnerability.
  2. Contact the CVE project to Request a CVE-ID and we will provide you with our "CVE Identifier Reservation Guidelines for Researchers" and work with you to assign a CVE-ID number while you work through the process of publicly disclosing the vulnerability.

Please review the Researcher Responsibilities.

Page Last Updated: January 24, 2013