The CVE Program is an international, community-based effort and relies on the community to discover vulnerabilities, which are discovered then assigned and published to the CVE List. This list is built by CVE Numbering Authorities (CNAs) and enables program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks.
Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.
The CVE Board, which drives the direction of the CVE Program, consists of industry, academic, and government representatives from around the world. CVE Working Groups develop the program’s policies (approved by the CVE Board) and are open to the community.