News item |: 20-07-2022 |: 09:11
NCSC is today authorized by the CVE Program as a CVE Numbering Authority (CNA). With this permission, we as CNAs can independently assign CVE IDs to vulnerabilities without informing other CNAs of the details. This allows us to better guarantee the confidentiality of discovered vulnerabilities and to more easily and effectively manage vulnerabilities.
A CVE ID is a unique number assigned by software vendors to vulnerabilities found in their software. These numbers make it easier for them to identify vulnerabilities and prevent miscommunication.
Many organizations and software vendors in the broader cybersecurity community already use CVE IDs. Software vendors can often assign CVE numbers to their software. Providers who are unable to do so can now help NCSC.
For vulnerabilities that affect multiple systems or vendors and for which NCSC is responsible for coordination, NCSC may decide to assign a CVE number. To do this, the vulnerability must meet the requirements of the CVE program and comply with NCSC’s CNA (CVE Numbering Authority) role. NCSC does not issue CVE-IDs for CVDs to which the Dutch government is the recipient.
The mission of the Common Vulnerabilities and Exposures (CVE®) program is to identify, define, and catalog publicly disclosed vulnerabilities. Have you found a weakness in a control system or a system with a vital function? Report to the NSC.