Common Vulnerabilities and Exposures Program
The Common Vulnerabilities and Exposures (CVE) Program operates under the United States Government. The CVE identifies and defines cybersecurity vulnerabilities.
About Common Vulnerabilities and Exposures Program
The CVE Program is maintained by the United States National Cybersecurity FFRDC (Federally Funded Research and Development Center). The National Cybersecurity FFRDC is operated by the Mitre Corporation, a non-profit organization that supports several US government agencies. The CVE was launched in 1999.
How does CVE work?
It is an international effort that relies on the community to discover software security vulnerabilities. The program defines CVE identifiers, which include CVE names, numbers and IDs. These identifiers label vulnerabilities in publicly released software packages, including betas and other pre-release versions. A CVE is assigned by a CVE Numbering Authority.
India and CVE Program
In October 2021, the Indian Computer Emergency Response Team (CERT-In) was authorized by the CVE Program and given the status of CVE Numbering Authority.
How will CVE help India?
In simple terms, CVE is a list of publicly disclosed computer security flaws. Usually, a vendor keeps security flaws secret until fixes for the mistakes and errors have been developed and tested. There is no guarantee that they will be fixed, and unfixed flaws act as loopholes for attackers. It is therefore important to know which software has security flaws; this helps government organizations and also the public. The CVE helps to identify such software. Having joined the program, India will also identify such vulnerable software and will gain access to the existing list of vulnerable software.
When is CVE ID assigned?
The CVE IDs are assigned to software security flaws that meet specific criteria. They are as follows:
- The software vendor has acknowledged the bug and agreed that it has a negative impact on the security of the software.
- The reporter has produced a vulnerability report that proves the negative impact on the security of the software.
The security flaws that affect more than one product are assigned separate CVEs.