What is CVE?
Common Vulnerabilities and Exposures (CVE) is a freely available list of vulnerabilities that have been assigned a CVE ID. However, over time, CVE has also become the generic term used for vulnerabilities that have been assigned a CVE ID e.g. CVE-2019-19459.
CVE has been managed by MITRE Corporation since its inception in 1999. Prior to CVE, most cybersecurity tools had their own system - databases - for storing and naming vulnerabilities, often causing confusion. CVE was established as a means of standardising the process and it is now the central organisation for 'all things CVE'.
When CVE came into being, it was designed to deal with less than 1,000 vulnerabilities a year (there were more than 16,500 CVE IDs assigned in 2018). Initially only CVE assigned CVE IDs but, as the number of vulnerabilities grew, it became harder for CVE alone to handle the influx. In September 2016, CVE Numbering Authorities (CNAs) were introduced to ease the burden and, as of December 13, 2019, there are 110 organizations in 21 countries participating as CNAs.
SecAlerts uses the information provided by CVE to keep your software up to date and secure. Enter your software stack and receive a free weekly report with a round-up of CVEs (& security news) unique to your stack: www.secalerts.co
Other terms you might like to have explained:
What is a CVE?
What is a CVE ID?
What is a CVSS?
What is a vulnerability?
What is a CNA?
What is a zero-day?
What is a bug bounty program?