What is CVE?
Common Vulnerabilities and Exposures (CVE) is a freely available list of vulnerabilities that have been assigned a CVE ID. However, over time, CVE has also become the generic term used for vulnerabilities that have been assigned a CVE ID e.g. CVE-2019-19459.
CVE has been managed by MITRE Corporation since its inception in 1999. Prior to CVE, most cybersecurity tools had their own system - databases - for storing and naming vulnerabilities, often causing confusion. CVE was established as a means of standardising the process and it is now the central organisation for 'all things CVE'.
When CVE came into being, it was designed to deal with less than 1,000 vulnerabilities a year. It exceeded that number the year after its inception and, as of the end of 2019, has assigned in excess of 122,000 CVE IDs, with a high of 16,556 in 2018.
SecAlerts uses the information provided by CVE to keep your software up to date and secure. Enter your software stack and receive a free weekly report with a round-up of CVEs (& security news) unique to your stack: www.secalerts.co
Other terms concisely explained:
What is a CVE?
What is a CVE ID?
What is a CVSS?
What is a vulnerability?
What is a CNA?
What is a zero-day?
What is a bug bounty program?
What is a Candidate Naming Authority?