The Common Vulnerabilities and Exposures (CVE) program is run by the government of United States. CVE defines and identifies several kinds of cybersecurity vulnerabilities.
Highlights
National Cybersecurity Federally Funded research and development centre of the United States supports this CVE programme. The FFRDC National Cyber ??Security Center is operated by The Mitre Corporation. Mitre Corporation is a non-profit organization which supports various agencies of the US government. CVE was released in the year 1999.
Workings of CVE
This is an international effort and relies on the community to discover various types of security vulnerabilities of software. The program detects the CVE identifier. These identifiers include names, numbers, and CVE identifiers. These identifiers represent the most sensitive information in publicly available software packages. CVEs are assigned by the CVE Numbering Center. These software packages include beta releases and other preview releases.
Assignment of CVE IDs
CVEs are assigned to software security vulnerabilities that meet certain criteria. Software manufacturer acknowledged a bug. He or She agrees that bugs are detrimental to software security. A vulnerability report is prepared by journalists that proves that the said software has a negative impact on security. A separate CVE is assigned to a security flaw that affects more than one product.
CVE program in India
In the year 2021, the Indian Computer Emergency Response Team was approved for the CVE program. It has been granted the status of a CVE numbering authority. Simply put, a CVE is a publicly disclosed list of computer security flaws. In general, vendors keep secrets about security flaws. This secret is maintained until security bugs are fixed, developed, and tested. It acts as a loophole for intruders. Therefore, it is important to learn about software with these security flaws. It helps government agencies and the public. CVE helps identify these software. Now India will also identify these vulnerable software. India also has access to an existing list of vulnerable software.
