Relationships Between CVE IDs and Vulnerability Abstraction

Abstract

The CVE Program does not adhere to a strict definition of a vulnerability. For the most part, CNAs are left to their own discretion to determine whether something is a vulnerability. Root CNAs may provide additional guidance to their child CNAs. This allows the program to adapt to definitions used in different industries, legal regimes, and cultures.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
May 01, 2021
Accession Number
AD1133950

Entities

People

  • Art Manion

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Availability
  • Confluence
  • Copyrights
  • Department Of Defense
  • Department Of Homeland Security
  • Engineering
  • Governments
  • Guarantees
  • Guidance
  • Homeland Security
  • Law
  • Materials
  • Patents
  • Security
  • Software Development
  • Specifications
  • Supply Chain
  • Trademarks
  • United States
  • Universities
  • Vulnerability

Readers

  • Government Contracting/Procurement.
  • Military Logistics and Supply Chain Management
  • Political Violence and Terrorism Studies.