US-CERT and CVE

What is the CVE?

Common Vulnerabilities and Exposures (CVE^®) is sponsored by National Cyber Security Division (NCSD) at the U.S. Department of Homeland Security. US-CERT incorporates CVE names into its security advisories whenever possible and advocates the use of CVE and CVE-compatible products and services to the U.S. government and all members of the information security community.CVE is a list or dictionary of publicly known information security vulnerabilities and exposures international in scope and free for public use. Each vulnerability or exposure included on the CVE List has one common, standardized CVE name.

CVE's common names facilitate the exchange of vulnerability information across security advisories, tools, databases, and services that did not exist prior to the creation of CVE. CVE names are determined by the CVE Editorial Board, composed of experts from across the information security community. Through open and collaborative discussions, Board members decide which vulnerabilities or exposures will be included in CVE, and then determine the common name, description, and references for each official entry.

CVE is:

• One standardized name for each vulnerability or exposure
• The way to interoperability and better security coverage
• A basis for evaluation among tools and databases
• Industry-endorsed via the CVE Editorial Board and CVE-compatible products and services
• Free to the public on the CVE Web site